CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-10672

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1360%
EPSS Percentile35.05th
Published2017年6月29日
Last Modified2026年5月13日

Vulnerability Description

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

Affected Platforms (CPE)

📦
Xml Libxml Project

Xml Libxml

<= 2.0129
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0

References & Advisories

🔗 https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html
🔗 https://rt.cpan.org/Public/Bug/Display.html?id=122246
🔗 https://www.debian.org/security/2017/dsa-4042
🔗 https://lists.debian.org/debian-lts-announce/2017/11/msg00017.html
🔗 https://rt.cpan.org/Public/Bug/Display.html?id=122246
🔗 https://www.debian.org/security/2017/dsa-4042

関連する脆弱性情報

CVE-2015-88669.6

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_di...

CVE-2011-19449.3

Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context...

CVE-2025-497969.1

A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption...

CVE-2025-497949.1

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances whe...