CVE-2017-5130

Published: 07 Feb 2018
Source: debian
EPSS Low

Description

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| libxml2 | fixed | 2.9.4+dfsg1-5.1 | | package |
| libxml2 | no-dsa | | jessie | package |
| chromium-browser | fixed | 62.0.3202.75-1 | | package |

Notes

  • chromium-browser uses system libxml2.

  • https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)

  • https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)

  • xmlMemoryStrdup is only for debugging, with the exception of xmllint when invoked with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.

  • Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/897dffbae322b46b83f99a607d527058a72c51ed

  • Needs follow up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ed48d65b4d6c5cec7be035ad5eebeba873b4b955

EPSS

Percentile: 73%
0.00762
Low

Related vulnerabilities

CVSS3: 8.8
ubuntu
almost 8 years ago

CVSS3: 8.8
redhat
more than 8 years ago

CVSS3: 8.8
nvd
almost 8 years ago

CVSS3: 8.8
github
more than 3 years ago

CVSS3: 8.8
fstec
more than 8 years ago

A vulnerability in the xmlmemory.c component of the libxml2 XML document parsing software, related to an out-of-bounds write, that allows an attacker to gain access to confidential data, violate its integrity, and cause a denial of service
