CVE-2017-16932

Published: 23 November 2017

parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.9.4+dfsg1-6.1ubuntu1.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.9.3+dfsg1-1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (2.9.1+dfsg1-3ubuntu4.11)
Patches:
Upstream: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961