CVE-2017-5130
moderate-risk
Published 2018-02-07
An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.
Do I need to act?
~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (4)
References (22)
Issue Tracking
http://bugzilla.gnome.org/show_bug.cgi?id=783026
Third Party Advisory
http://www.securityfocus.com/bid/101482
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2997
Third Party Advisory
https://crbug.com/722079
Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Third Party Advisory
https://security.gentoo.org/glsa/201710-24
Issue Tracking
http://bugzilla.gnome.org/show_bug.cgi?id=783026
Third Party Advisory
http://www.securityfocus.com/bid/101482
Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2997
Third Party Advisory
https://crbug.com/722079
Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058...
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2017/11/msg00034.html
Third Party Advisory
https://security.gentoo.org/glsa/201710-24
and 2 more references
44
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
4/34 · Minimal
Exposure
10/34 · Low