Denial of Service Vulnerability in libxml2 Affects Users of Applications Relying on XML Parsing
CVE-2017-8872

9.1CRITICAL

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 10 May 2017

What is CVE-2017-8872?

The vulnerability in libxml2's htmlParseTryOrFinish function presents a significant risk, allowing attackers to exploit buffer over-read issues. This could lead to denial of service conditions or unauthorized information disclosure, affecting any applications that depend on this XML parsing library. Users are encouraged to update to the latest versions to mitigate potential threats.

References

https://bugzilla.gnome.org/show_bug.cgi?id=775200

x_refsource_MISC

https://lists.debian.org/debian-lts-announce/2020/09/msg0...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 10, 2017
Vulnerability Reserved
May 9, 2017

JSON

Xmlsoft

What is CVE-2017-8872?

References

CVSS V3.1

Timeline