CVE-2017-16932

moderate-risk
Published 2017-11-23

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Do I need to act?

!
22.0% chance of exploitation in next 30 days
EPSS score — higher than 78% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Xmlsoft

References (19)

Release Notes http://xmlsoft.org/news.html
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
Permissions Required https://bugzilla.gnome.org/show_bug.cgi?id=759579
Patch https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
https://gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de...
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3...
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8...
https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://usn.ubuntu.com/3739-1/
Release Notes http://xmlsoft.org/news.html
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
Permissions Required https://bugzilla.gnome.org/show_bug.cgi?id=759579
Patch https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e3...
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8...
https://lists.debian.org/debian-lts-announce/2017/11/msg00041.html
https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
https://usn.ubuntu.com/3739-1/
45
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 14/34 · Moderate
Exposure 5/34 · Minimal