Vulnerability Details CVE-2017-5969
libxml2 2.9.4, when used in recover mode, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted XML document. NOTE: The maintainer states "I would disagree of a CVE with the Recover parsing option which should only be used for manual recovery at least for XML parser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.3%
CVSS Severity
CVSS v3 Score 4.7
CVSS v2 Score 2.6
References
- http://www.openwall.com/lists/oss-security/2016/11/05/3
- http://www.openwall.com/lists/oss-security/2017/02/13/1
- http://www.securityfocus.com/bid/96188
- https://bugzilla.gnome.org/show_bug.cgi?id=778519
- https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
- https://security.gentoo.org/glsa/201711-01
- http://www.openwall.com/lists/oss-security/2016/11/05/3
- http://www.openwall.com/lists/oss-security/2017/02/13/1
- http://www.securityfocus.com/bid/96188
- https://bugzilla.gnome.org/show_bug.cgi?id=778519
- https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
- https://security.gentoo.org/glsa/201711-01