CVE-2017-15412
Published 2018-08-28
Priority P346 · high · 8.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS 2.96% (85.5th percentile)
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | macos_high_sierra_10.13.4_security_update_2018-002_sierra_and_security_update_20 | — | — |
| apple | tvos | — | — |
| apple | watchos | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.4+dfsg1-5.2 (bookworm) | libxml2 2.9.4+dfsg1-5.2 (bookworm) |
| google | chrome | < 63.0.3239.84 | 63.0.3239.84 |
| nokogiri | nokogiri | >= 0 < 1.8.2 | 1.8.2 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| xmlsoft | libxml2 | < 2.9.5 | 2.9.5 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.2 | 2.9.4+dfsg1-5.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.2 | 2.9.4+dfsg1-5.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.2 | 2.9.4+dfsg1-5.2 |
| xmlsoft | libxml2 | >= 0 < 2.9.4+dfsg1-5.2 | 2.9.4+dfsg1-5.2 |
CVSS provenance
nvd · v3.0 · 8.8 HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 6.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
osv · 8.8 HIGH
vendor_debian · 8.8 HIGH
vendor_redhat · 8.8 HIGH
Apple
CVE-2017-15412: tvOS 11.3
vendor_apple·2018-03-29·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: tvOS 11.3
Apple Security Update: About the security content of tvOS 11.3
Product: tvOS
Version: 11.3
CVE: CVE-2017-15412
Component: Kernel
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
Apple
CVE-2017-15412: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
vendor_apple·2018-03-29·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
Apple Security Update: About the security content of macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
Product: macOS High Sierra 10.13.4, Security Update 2018-002 Sierra, and Security Update 2018-002 El Capitan
CVE: CVE-2017-15412
Component: LaunchServices
Impact: A maliciously crafted application may be able to bypass code signing enforcement
Description: A logic issue was addressed with improved validation.
Apple
CVE-2017-15412: watchOS 4.3
vendor_apple·2018-03-29·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: watchOS 4.3
Apple Security Update: About the security content of watchOS 4.3
Product: watchOS
Version: 4.3
CVE: CVE-2017-15412
Component: Kernel
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
Apple
CVE-2017-15412: iOS 11.3
vendor_apple·2018-03-29·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: iOS 11.3
Apple Security Update: About the security content of iOS 11.3
Product: iOS
Version: 11.3
CVE: CVE-2017-15412
Component: Kernel
Impact: A malicious application may be able to determine kernel memory layout
Description: An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling.
Ubuntu
libxml2 vulnerability
vendor_ubuntu·2017-12-13
CVE-2017-15412 libxml2 vulnerability
Title: libxml2 vulnerability
Summary: libxml2 could be made to crash or run arbitrary code if it
opened a specially crafted file.
It was discovered that libxml2 incorrectly handled certain files. An attacker
could use this issue with specially constructed XML data to cause libxml2 to
consume resources, leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Ubuntu
libxml2 vulnerability
vendor_ubuntu·2017-12-13
CVE-2017-15412 libxml2 vulnerability
Title: libxml2 vulnerability
Summary: libxml2 could be made to crash or run arbitrary code if it
opened a specially crafted file.
USN-3513-1 fixed a vulnerability in libxml2. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that libxml2 incorrectly handled certain files. An attacker
could use this issue with specially constructed XML data to cause libxml2 to
consume resources, leading to a denial of service.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
vendor_redhat·2017-12-06·CVSS 8.8
CVE-2017-15412 [HIGH] libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
Package: libxml2 (Red Hat Enterprise Linux 6) - Out of support scope
Package: libxml2 (Red Hat Enterprise Linux 8) - Not affected
Package: mingw-libxml2 (Red Hat Enterprise Linux 8) - Affected
Package: libxml2 (Red Hat JBoss Enterprise Web Server 3) - Will not fix
Debian
CVE-2017-15412: libxml2 - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3...
vendor_debian·2017·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: libxml2 - Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3...
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 2.9.4+dfsg1-5.2)
bullseye: resolved (fixed in 2.9.4+dfsg1-5.2)
forky: resolved (fixed in 2.9.4+dfsg1-5.2)
sid: resolved (fixed in 2.9.4+dfsg1-5.2)
trixie: resolved (fixed in 2.9.4+dfsg1-5.2)
OSV
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
osv·2022-05-14
CVE-2017-15412 [HIGH] Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
GHSA
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
ghsa·2022-05-14
CVE-2017-15412 [HIGH] CWE-416 Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
CVE-2017-15412: Use after free in libxml2 before 2
osv·2018-08-28·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412: Use after free in libxml2 before 2
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-15412 mingw-libxml2: chromium-browser: use after free in libxml [fedora-all]
bugzilla·2017-12-11·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412 mingw-libxml2: chromium-browser: use after free in libxml [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Bugzilla
CVE-2017-15412 mingw-libxml2: chromium-browser: use after free in libxml [epel-7]
bugzilla·2017-12-11·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412 mingw-libxml2: chromium-browser: use after free in libxml [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following template to for the '
Bugzilla
CVE-2017-15412 libxml2: chromium-browser: use after free in libxml [fedora-all]
bugzilla·2017-12-11·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412 libxml2: chromium-browser: use after free in libxml [fedora-all]
Bugzilla
CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2
bugzilla·2017-12-07·CVSS 8.8
CVE-2017-15407 [HIGH] CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2
CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 ... chromium: various flaws [epel-7]
Bugzilla
CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2
bugzilla·2017-12-07·CVSS 8.8
CVE-2017-15407 [HIGH] CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2
CVE-2017-15407 CVE-2017-15408 CVE-2017-15409 CVE-2017-15410 CVE-2017-15411 CVE-2017-15412 CVE-2017-15413 CVE-2017-15415 CVE-2017-15416 CVE-2017-15417 CVE-2017-15418 CVE-2017-15419 CVE-2017-15420 CVE-2017-15422 ... chromium: various flaws [fedora-all]
Bugzilla
CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
bugzilla·2017-12-07·CVSS 8.8
CVE-2017-15412 [HIGH] CVE-2017-15412 libxml2: Use after free in xmlXPathCompOpEvalPositionalPredicate() function in xpath.c
A use after free flaw was found in the libXML component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=727039
External References:
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: epel-7 [bug 1523143]
Affects: fedora-all [bug 1523145]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2017:3401 https://access.redhat.com/errata/RHSA-2017:3401
---
Upstream details:
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=783160
Patch: https://git.gnome.org/browse/libxml2/commit
References
http://www.securitytracker.com/id/1040348
https://access.redhat.com/errata/RHSA-2017:3401
https://access.redhat.com/errata/RHSA-2018:0287
https://bugzilla.gnome.org/show_bug.cgi?id=783160
https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
https://crbug.com/727039
https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
https://security.gentoo.org/glsa/201801-03
https://www.debian.org/security/2018/dsa-4086