CVE-2017-16931

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2017-16931
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16931.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-16931
Downstream
Published
2017-11-23T21:29:00.390Z
Modified
2025-11-27T20:16:41.182293Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

References

Affected packages

Git / github.com/gnome/libxml2

Affected ranges

Type
GIT
Repo
https://github.com/gnome/libxml2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e26630548e7d138d2c560844c43820b6767251e3

Affected versions

Other

CVE-2013-2877
CVE-2014-0191
CVE-2014-3660
CVE-2015-1819
CVE-2015-5312
CVE-2015-7497
CVE-2015-7498
CVE-2015-7499-1
CVE-2015-7499-2
CVE-2015-7500
CVE-2015-7941_1
CVE-2015-7941_2
CVE-2015-7942
CVE-2015-7942-2
CVE-2015-8035
CVE-2015-8242
CVE-2015-8317
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1836
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-3627
CVE-2016-3705
CVE-2016-4449
CVE-2016-4483
EAZEL-NAUTILUS-MS-AUG07
FOR_GNOME_0_99_1
GNOME_0_30
GNOME_PRINT_0_24
GNUMERIC_FIRST_PUBLIC_RELEASE
LIBXML2_2_4_21
LIBXML2_2_5_0
LIBXML2_2_5_10
LIBXML2_2_5_7
LIBXML2_2_5_8
LIBXML2_2_5_9
LIBXML2_2_5_x
LIBXML2_2_6_1
LIBXML2_2_6_11
LIBXML2_2_6_12
LIBXML2_2_6_13
LIBXML2_2_6_14
LIBXML2_2_6_15
LIBXML2_2_6_16
LIBXML2_2_6_18
LIBXML2_2_6_19
LIBXML2_2_6_2
LIBXML2_2_6_20
LIBXML2_2_6_21
LIBXML2_2_6_22
LIBXML2_2_6_23
LIBXML2_2_6_24
LIBXML2_2_6_26
LIBXML2_2_6_27
LIBXML2_2_6_28
LIBXML2_2_6_3
LIBXML2_2_6_4
LIBXML2_2_6_5
LIBXML2_2_6_6
LIBXML2_2_6_7
LIBXML2_2_6_8
LIBXML2_2_6_9
LIBXML2_6_0
LIBXML_0_99
LIBXML_1_5_0
LIBXML_1_8_5
LIBXML_1_8_6
LIBXML_2_0_0
LIBXML_2_1_0
LIBXML_2_1_1
LIBXML_2_2_1
LIBXML_2_2_3
LIBXML_2_2_4
LIBXML_2_2_6
LIBXML_2_2_7
LIBXML_2_2_8
LIBXML_2_3_0
LIBXML_2_3_10
LIBXML_2_3_11
LIBXML_2_3_12
LIBXML_2_3_13
LIBXML_2_3_14
LIBXML_2_3_2
LIBXML_2_3_3
LIBXML_2_3_4
LIBXML_2_3_5
LIBXML_2_3_6
LIBXML_2_3_7
LIBXML_2_3_8
LIBXML_2_3_9
LIBXML_2_4_0
LIBXML_2_4_11
LIBXML_2_4_12
LIBXML_2_4_13
LIBXML_2_4_14
LIBXML_2_4_16
LIBXML_2_4_18
LIBXML_2_4_2
LIBXML_2_4_20
LIBXML_2_4_22
LIBXML_2_4_23
LIBXML_2_4_24
LIBXML_2_4_25
LIBXML_2_4_26
LIBXML_2_4_27
LIBXML_2_4_29
LIBXML_2_4_3
LIBXML_2_4_30
LIBXML_2_4_4
LIBXML_2_4_6
LIBXML_2_4_7
LIBXML_2_5_1
LIBXML_2_5_2
LIBXML_2_5_3
LIBXML_2_5_4
LIBXML_2_5_5
LIBXML_2_5_6
LIBXML_2_6_10
LIBXML_TEST_2_0_0
LIB_XML_1_1
LIB_XML_1_3
LIB_XML_1_4
LIB_XML_1_6_1
LIB_XML_1_6_2
LIB_XML_1_7_0
LIB_XML_1_7_1
LIB_XML_1_7_3
LIB_XML_1_8_3
LIB_XML_1_X
PRE_MUCKUP
PRE_MUCKUP2
PRE_MUCKUP3
help

LIBXML2.*

LIBXML2.6.32
LIBXML2.7.0
LIBXML2.7.1
LIBXML2.7.2
LIBXML2.7.3

v2.*

v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.8.0
v2.8.0-rc1
v2.8.0-rc2
v2.9.0
v2.9.0-rc2
v2.9.1
v2.9.2
v2.9.2-rc1
v2.9.2-rc2
v2.9.3
v2.9.4
v2.9.4-rc1
v2.9.4-rc2

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/gnome/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3",
        "id": "CVE-2017-16931-3a53828c",
        "target": {
            "function": "xmlParseNameComplex",
            "file": "parser.c"
        },
        "signature_type": "Function",
        "deprecated": false,
        "digest": {
            "length": 3335.0,
            "function_hash": "210605809765944378917854729203525783015"
        },
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/gnome/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3",
        "id": "CVE-2017-16931-c376838f",
        "target": {
            "file": "parser.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "321780744338373139216383066776118678571",
                "193394217698176117924462138754953128917",
                "219199401384121789600305761323488440824",
                "88851348254524349449678467266522070660",
                "157597224603136386282450988069217476870",
                "19855144304639628314796721746885134914",
                "323988820381210717415990303595243015079",
                "329426995485422099316024086697991482099",
                "52549199186299651152682707572107794626",
                "323092953397564161366148079546329944073",
                "243720731521092380864544559296893608539",
                "330999365108626613673530721650705059777",
                "146497885415554640956070015480748499161",
                "280444053396215187125532044715530328091",
                "4638933523313820251889122397867935822",
                "275517130777015014484199789213992933171",
                "262363592735731469533689210574560871068",
                "45321395357488527520197494189291380316"
            ]
        },
        "signature_version": "v1"
    },
    {
        "source": "https://github.com/gnome/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3",
        "id": "CVE-2017-16931-c8e6c76e",
        "target": {
            "file": "runtest.c"
        },
        "signature_type": "Line",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "120106281315346925913239292963609570109",
                "155289400619119057648711203983393995181",
                "115413045613539599573495460480667324968",
                "122075135248506104263652523776532145904"
            ]
        },
        "signature_version": "v1"
    }
]

Git / gitlab.gnome.org/GNOME/libxml2

Affected ranges

Type
GIT
Repo
https://gitlab.gnome.org/GNOME/libxml2
Events
Introduced
0 Unknown introduced commit / All previous commits are affected