CVE-2017-9048

NameCVE-2017-9048
Descriptionlibxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1008-1, DSA-3952-1
NVD severitymedium (attack range: remote)
Debian Bugs863021

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libxml2 (PTS)wheezy2.8.0+dfsg1-7+wheezy5vulnerable
wheezy (security)2.8.0+dfsg1-7+wheezy11fixed
jessie (security), jessie2.9.1+dfsg1-5+deb8u5fixed
stretch (security), stretch2.9.4+dfsg1-2.2+deb9u1fixed
buster, sid2.9.4+dfsg1-5.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libxml2source(unstable)2.9.4+dfsg1-3.1medium863021
libxml2sourcejessie2.9.1+dfsg1-5+deb8u5mediumDSA-3952-1
libxml2sourcestretch2.9.4+dfsg1-2.2+deb9u1mediumDSA-3952-1
libxml2sourcewheezy2.8.0+dfsg1-7+wheezy8mediumDLA-1008-1

Notes

https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
http://www.openwall.com/lists/oss-security/2017/05/15/1
Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74

Search for package or bug name: Reporting problems