CVE-2017-5130

CWE-787Out-of-bounds WriteCWE-190Integer Overflow15 documents9 sources
Severity
8.8HIGH
EPSS
1.2%
top 21.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeXmlsoft Libxml2Debian Debian Linux
Timeline
PublishedFeb 7
Latest updateMay 13

Description

An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in Google Chrome prior to 62.0.3202.62 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted XML file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

CVEListV5google_chrome_prior_to_62.0.3202.62Google Chrome prior to 62.0.3202.62
NVDgoogle/chrome< 62.0.3202.62
NVDxmlsoft/libxml2< 2.9.5
Debianlibxml2< 2.9.4+dfsg1-5.1+3

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-6vrj-w635-63jg: An integer overflow in xmlmemory2022-05-13
OSV
CVE-2017-5130: An integer overflow in xmlmemory2018-02-07
CVEList
CVE-2017-5130: An integer overflow in xmlmemory2018-02-07

📋Vendor Advisories

10
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Web Listener (LibXML2) — CVE-2017-51302020-04-15
Apple
CVE-2017-5130: macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan2017-10-31
Red Hat
chromium-browser: heap overflow in libxml22017-10-17
Apple
CVE-2017-5130: iCloud for Windows 7.02017-09-25
Apple
CVE-2017-5130: macOS High Sierra 10.132017-09-25

💬Community

1
Bugzilla
CVE-2017-5130 chromium-browser: heap overflow in libxml22017-10-18
CVE-2017-5130 (HIGH CVSS 8.8) | An integer overflow in xmlmemory.c | cvebase.io