CyberSec.Space Logo
Back to CVE Browser

CVE-2017-10672

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile35.05th
PublishedJun 29, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

Affected Platforms (CPE)

πŸ“¦
Xml Libxml Project

Xml Libxml

<= 2.0129
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0

References & Advisories

πŸ”— https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html
πŸ”— https://rt.cpan.org/Public/Bug/Display.html?id=122246
πŸ”— https://www.debian.org/security/2017/dsa-4042
πŸ”— https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html
πŸ”— https://rt.cpan.org/Public/Bug/Display.html?id=122246
πŸ”— https://www.debian.org/security/2017/dsa-4042

Related Vulnerabilities

CVE-2015-88669.6

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_di...

CVE-2011-19449.3

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context...

CVE-2025-497969.1

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption...

CVE-2025-497949.1

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances whe...