Infinite Recursion Vulnerability in libxml2 by GNOME
CVE-2017-16932

7.5HIGH

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 23 November 2017

What is CVE-2017-16932?

The libxml2 library, commonly used for XML parsing, contains a vulnerability within the parser component. This issue arises from a failure to manage parameter entities properly, leading to the potential for infinite recursion. If exploited, this vulnerability can compromise application stability and security. Users are advised to update to versions 2.9.5 or later to mitigate the risks associated with this vulnerability.

References

https://blog.clamav.net/2018/07/clamav-01001-has-been-rel...

x_refsource_CONFIRM

https://lists.debian.org/debian-lts-announce/2017/11/msg0...

mailing-listx_refsource_MLIST

http://xmlsoft.org/news.html

x_refsource_CONFIRM

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2017
Vulnerability Reserved
Nov 23, 2017

Xmlsoft

What is CVE-2017-16932?

References

EPSS Score

CVSS V3.1

Timeline