Stack-Based Buffer Overflow in libxml2 Affecting PHP and Other Applications
CVE-2017-9048

7.5HIGH

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Vendor
CVE Published:
18 May 2017

What is CVE-2017-9048?

The libxml2 library is susceptible to a stack-based buffer overflow due to inadequate size checks in the xmlSnprintfElementContent function. This function is responsible for recursively processing element definitions into a character buffer. When the function attempts to concatenate additional characters to the buffer without verifying its current size, it can lead to program crashes and instability in applications relying on libxml2, including PHP. This vulnerability highlights the importance of proper size validation within critical libraries to prevent memory corruption risk.

References

http://www.debian.org/security/2017/dsa-3952
vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201711-01
vendor-advisoryx_refsource_GENTOO
http://www.openwall.com/lists/oss-security/2017/05/15/1
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.