CVE-2017-0663 — Out-of-bounds Write in Libxml2
Severity
7.8HIGHNVD
EPSS
1.0%
top 22.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 14
Latest updateDec 14
Description
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages6 packages
▶CVEListV5google_inc/androidAndroid-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2
🔴Vulnerability Details
3GHSA▶
GHSA-9cf7-h7g3-cg3p: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context↗2022-05-13
OSV▶
CVE-2017-0663: A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context↗2017-06-14
📋Vendor Advisories
6Android▶
CVE-2017-0663: Android Security Bulletin 2017-06-01
CVE: CVE-2017-0663
Severity: HIGH
Type: RCE
Affected AOSP versions: 4↗2017-06-01
💬Community
4Bugzilla
▶