CVE-2017-0663
Description
A remote code execution vulnerability in libxml2 allows attackers to execute arbitrary code via a specially crafted file in Android applications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in the libxml2 library, which is used for parsing XML in Android. A specially crafted XML file can trigger a memory corruption error. This affects Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, and 7.1.2 [1].
Exploitation
An attacker can exploit this vulnerability by convincing a user to process a malicious XML document, typically via a web page or application that uses libxml2. No authentication is required, and the attack can be performed remotely [2].
Impact
Successful exploitation allows arbitrary code execution within the context of an unprivileged process. This could lead to disclosure of sensitive data, modification of files, or further compromise of the device [1][2].
Mitigation
Google released patches in the June 2017 Android Security Bulletin [1]. For non-Android systems, the Gentoo advisory recommends upgrading to libxml2 version 2.9.4-r3 or later [2].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
- (no CPE) range: Android-4.4.4 Android-5.0.2 Android-5.1.1 Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2
- osv-coords (15 versions):
  - pkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
  - pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2
  - pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4
  - pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4
  - pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2
  - pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
  - pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
  - pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
- (no CPE) range: < 2.9.12-1.2
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.7.6-0.76.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.7.6-0.76.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.7.6-0.76.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.7.6-0.76.4
- (no CPE) range: < 2.7.6-0.76.4
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.9.4-42.1
- (no CPE) range: < 2.9.4-42.1
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/98877 (nvd; Third Party Advisory, VDB Entry)
- source.android.com/security/bulletin/2017-06-01 (nvd; Vendor Advisory)
- www.debian.org/security/2017/dsa-3952 (nvd)
- www.securitytracker.com/id/1038623 (nvd)
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E (nvd)
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E (nvd)
- security.gentoo.org/glsa/201711-01 (nvd)