CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-16931

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile39.97th
Published2017年11月23日
Last Modified2026年5月13日

Vulnerability Description

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

Affected Platforms (CPE)

📦
Xmlsoft

Libxml2

<= 2.9.4

References & Advisories

🔗 http://xmlsoft.org/news.html
🔗 https://bugzilla.gnome.org/show_bug.cgi?id=766956
🔗 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
🔗 https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
🔗 https://www.oracle.com//security-alerts/cpujul2021.html
🔗 http://xmlsoft.org/news.html
🔗 https://bugzilla.gnome.org/show_bug.cgi?id=766956
🔗 https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3

関連する脆弱性情報

CVE-2008-352910.0

Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent at...

CVE-2008-422610.0

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of servic...

CVE-2004-098910.0

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execut...

CVE-2017-73769.8

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when...