Main Vulnerability Database Vulnerabilities #VU9690

#VU9690 Buffer over-read in Libxml2 - CVE-2017-8872

Published: December 19, 2017

Vulnerability identifier: #VU9690

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2017-8872

CWE-ID: CWE-126

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Libxml2

Software vendor:
Gnome Development Team

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The weakness exists in the htmlParseTryOrFinish function of XMLSoft libxml2 due to buffer over-read condition in the HTMLparser.c source code. A remote attacker can send a specially crafted XML file, trick the victim into opening it and read arbitrary data or cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

External links

http://www.vuxml.org/freebsd/76e59f55-4f7a-4887-bcb0-11604004163a.html

#VU9690 Buffer over-read in Libxml2 - CVE-2017-8872

Description

Remediation

External links

Please verify you're human