Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
{
"sources": [
{
"database_specific": {
"status": "Modified",
"tags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
]
},
"imported": "2026-07-17T21:06:17.268Z",
"published": "2023-08-29T17:15:12.527Z",
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-39615",
"id": "CVE-2023-39615",
"html_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39615",
"modified": "2026-06-17T06:12:37.380Z"
}
],
"license": "CC-BY-4.0"
}