CVE-2017-8872: Out-of-bounds Read

May 10, 2017 (updated September 10, 2020)

The htmlParseTryOrFinish function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (buffer over-read) or information disclosure.

References

bugzilla.gnome.org/show_bug.cgi?id=775200
lists.debian.org/debian-lts-announce/2020/09/msg00009.html
nvd.nist.gov/vuln/detail/CVE-2017-8872

Detect and mitigate CVE-2017-8872 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →