Integer Overflow Vulnerability in libxml2 Affecting Google Chrome and Other Products
CVE-2017-5130

8.8HIGH

Key Information:

Vendor

Google
Status
Google Chrome Prior To 62.0.3202.62
Vendor
CVE Published:
7 February 2018

What is CVE-2017-5130?

An integer overflow vulnerability exists in the xmlmemory.c file of libxml2 prior to version 2.9.5. This flaw can be exploited by remote attackers who craft malicious XML files. When processed by affected products such as Google Chrome prior to version 62.0.3202.62, this vulnerability can lead to heap corruption, enabling attackers to execute arbitrary code or disrupt service.

Affected Version(s)

Google Chrome prior to 62.0.3202.62 Google Chrome prior to 62.0.3202.62

References

http://www.securityfocus.com/bid/101482
vdb-entryx_refsource_BID
https://lists.debian.org/debian-lts-announce/2017/11/msg0...
mailing-listx_refsource_MLIST
http://bugzilla.gnome.org/show_bug.cgi?id=783026
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.