vulnerability
Oracle Linux: CVE-2017-15412: ELSA-2020-1190: libxml2 security update (MODERATE)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Dec 6, 2017 | Oct 5, 2022 | Dec 3, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Dec 6, 2017
Added
Oct 5, 2022
Modified
Dec 3, 2025
Description
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
A use-after-free flaw was found in the libxml2 library. An attacker could use this flaw to cause an application linked against libxml2 to crash when parsing a specially crafted XML file.
Solutions
oracle-linux-upgrade-libxml2oracle-linux-upgrade-libxml2-develoracle-linux-upgrade-libxml2-pythonoracle-linux-upgrade-libxml2-static
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.