cbcvebase.
CVE-2017-0663
published 2017-06-14

Priority: P3 41 | high | 7.8 (CVSS 3.0)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 2.14% (79.8th percentile)
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.

Affected

17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libxml2 | < libxml2 2.9.4+dfsg1-3.1 (bookworm) | libxml2 2.9.4+dfsg1-3.1 (bookworm) |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google | android | | |
| google_inc | android | | |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-3.1 | 2.9.4+dfsg1-3.1 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.10 | 2.9.1+dfsg1-3ubuntu4.10 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1ubuntu0.3 | 2.9.3+dfsg1-1ubuntu0.3 |

CVSS provenance

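| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 7.8 | HIGH | |
| vendor_debian | | 7.8 | HIGH | |
| vendor_redhat | | 7.8 | HIGH | |
| vendor_ubuntu | | 7.8 | HIGH | |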