CRITICAL🇵🇱 Wersja polska

CVE-2017-8872

CVSS 9.1v3.1pub. 2017-05-10upd. 2026-05-13

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Xmlsoft Libxml2

    APP
    Xmlsoft
    2.9.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2017-7375CRITICAL9.8ten sam produkt

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not ...

CVE-2017-7376CRITICAL9.8ten sam produkt

Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit ...

CVE-2017-16931CRITICAL9.8ten sam produkt

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlP...

CVE-2016-4658CRITICAL9.8ten sam produkt

xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS X before 10.12, tvOS before 10, and wat...