CVE-2017-18926 — Out-of-bounds Write in Raptor RDF Syntax Library

CWE-787 — Out-of-bounds Write CWE-122 — Heap-based Buffer Overflow8 documents6 sources

Severity

7.1HIGHNVD

EPSS

2.9%

top 13.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Librdf Raptor RDF Syntax Library Debian Raptor2 Debian Linux +1 more

Timeline

PublishedNov 6

Latest updateNov 10

Description

raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

▶Ubuntulibrdf/raptor_rdf_syntax_library< 1.4.21-11ubuntu0.1~esm1

▶NVDlibrdf/raptor_rdf_syntax_library2.0.15

▶debiandebian/raptor2< raptor2 2.0.14-1.1 (bookworm)

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, 33

Patches

Patch: github.com ↗Patch: www.openwall.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

raptor vulnerabilities↗2025-11-10

▶

GHSA

GHSA-p2vv-g8rx-7jqj: raptor_xml_writer_start_element_common in raptor_xml_writer↗2022-05-24

▶

OSV

CVE-2017-18926: raptor_xml_writer_start_element_common in raptor_xml_writer↗2020-11-06

▶

📋Vendor Advisories

Ubuntu

Raptor vulnerabilities↗2025-11-10

▶

Ubuntu

Raptor vulnerability↗2020-11-11

▶

Red Hat

raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer↗2017-06-07

▶

Debian

CVE-2017-18926: raptor2 - raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Synt...↗2017

▶