🤣🤣🤣 [CVE-2024-40896][libxml2] XXE protection broken in downstream code https://gitlab.gnome.org/GNOME/libxml2/-/issues/761 https://gitlab.gnome.org/GNOME/libxml2/-/commit/1a8932303969907f6572b1b6aac4081c56adb5c6 "...bug should occur if you compile libraptor with the commit above and libxml2 2.11 or greater." PoC: https://git.libreoffice.org/core/+/cdda6533b44333b18d3dc6306dfd0f7058e40b32/unoxml/qa/unit/data/cve_2012_0037.rdf
See Tweet