Use After Free in libxml2

Do your applications use this vulnerable package? Test your applications

Overview

Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

Chromium Issue
Debian Security Advisory
Debian Security Announcement
Debian Security Tracker
Gentoo Security Advisory
MISC
MISC
RHSA Security Advisory
RHSA Security Advisory
Security Tracker
Ubuntu CVE Tracker

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

High
Integrity

High
Availability

High

CVE: CVE-2017-15412
CWE: CWE-416
Snyk ID: SNYK-DEBIAN8-LIBXML2-429325
Disclosed: 28 Aug, 2018
Published: 27 Jun, 2018

Use After Free
Affecting libxml2 package, versions <2.9.1+dfsg1-5+deb8u6

Overview

References

CVSS Score

Use After Free Affecting libxml2 package, versions <2.9.1+dfsg1-5+deb8u6

Overview

References

Use After Free
Affecting libxml2 package, versions <2.9.1+dfsg1-5+deb8u6