GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.
{ "vanir_signatures": [ { "source": "https://gitlab.gnome.org/GNOME/libxml2@50f06b3efb638efb0abd95dc62dca05ae67882c2", "digest": { "function_hash": "333089290179452094192545213626485405871", "length": 227.0 }, "deprecated": false, "signature_type": "Function", "id": "CVE-2020-24977-76b4c8fa", "signature_version": "v1", "target": { "function": "xmlHTMLEncodeSend", "file": "xmllint.c" } }, { "source": "https://gitlab.gnome.org/GNOME/libxml2@50f06b3efb638efb0abd95dc62dca05ae67882c2", "digest": { "line_hashes": [ "168672058864961257859405146754354472187", "64644107898846976266284128143066975089", "182440086416972751708829220127142151095" ], "threshold": 0.9 }, "deprecated": false, "signature_type": "Line", "id": "CVE-2020-24977-d0c9a80a", "signature_version": "v1", "target": { "file": "xmllint.c" } } ] }