DEBIAN-CVE-2017-9049

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2017-9049

Downstream

DLA-1008-1 DSA-3952-1

Published: 18 May 2017, 06:29

Last modified:28 Apr 2026, 20:17

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

3.0 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

18 May 2017, 06:29

Published

Vulnerability first disclosed

28 Apr 2026, 20:17

Last Modified

Vulnerability information updated

Description

libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.

CVSS Metrics

v3.0•HIGH•Score: 7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Systems

debian•libxml2
< 2.9.4+dfsg1-3.1 | < 2.9.4+dfsg1-3.1 | < 2.9.4+dfsg1-3.1 | < 2.9.4+dfsg1-3.1

References (1)

https://security-tracker.debian.org/tracker/CVE-2017-9049