Fluid Attacks Database

Description

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	libxml2	>=0 <2.9.4+dfsg1-6.1	2.9.4+dfsg1-6.1
debian 13	libxml2	>=0 <2.9.4+dfsg1-6.1	2.9.4+dfsg1-6.1
debian 12	libxml2	>=0 <2.9.4+dfsg1-6.1	2.9.4+dfsg1-6.1
debian 11	libxml2	>=0 <2.9.4+dfsg1-6.1	2.9.4+dfsg1-6.1
nuget	libxml2	=2.9.4	-
rpm rhel6	libxml2	-	-
rpm rhel7	libxml2	-	-
rpm rhel5	libxml2	-	-

Aliases

1. CVE-2017-88722. NVD-2017-88723. OSV-DEBIAN-2017-88724. OSV-2017-88725. GCVE-2017-88726. SECURITY-TRACKER-CVE-2017-88727. lists.debian.org

References

1. https://bugzilla.gnome.org/show_bug.cgi?id=775200

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.