CRITICAL🇬🇧 English

CVE-2017-16931

CVSS 9.8v3.0pub. 2017-11-23upd. 2026-05-13

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Xmlsoft Libxml2

    APP
    Xmlsoft
    ≤ 2.9.4
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2017-7376CRITICAL9.8ten sam produkt

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit ...

CVE-2017-7375CRITICAL9.8ten sam produkt

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not ...

CVE-2017-8872CRITICAL9.1ten sam produkt

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of servi...

CVE-2016-4658CRITICAL9.8ten sam produkt

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and wat...