High severity8.8NVD Advisory· Published Aug 28, 2018· Updated Jun 17, 2026
CVE-2017-15412
CVE-2017-15412
Description
Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.8.2 | 1.8.2 |
Affected products
26- ghsa-coords26 versionspkg:gem/nokogiripkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ruby3.2-rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/rubygem-nokogiri&distro=openSUSE%20Tumbleweedpkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3
< 1.8.2+ 25 more
- (no CPE)range: < 1.8.2
- (no CPE)range: < 93.0.4577.82-1.1
- (no CPE)range: < 1.13.9-1.7
- (no CPE)range: < 1.13.3-1.1
- (no CPE)range: < 63.0.3239.84-40.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.7.6-0.77.10.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
- (no CPE)range: < 2.9.4-46.12.1
Patches
Vulnerability mechanics
References
14- github.com/advisories/GHSA-r58r-74gx-6wx3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-15412ghsaADVISORY
- access.redhat.com/errata/RHSA-2017:3401nvdWEB
- access.redhat.com/errata/RHSA-2018:0287nvdWEB
- bugzilla.gnome.org/show_bug.cginvdWEB
- chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.htmlnvdWEB
- crbug.com/727039nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-15412.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1714ghsaWEB
- lists.debian.org/debian-lts-announce/2017/12/msg00014.htmlnvdWEB
- security.gentoo.org/glsa/201801-03nvdWEB
- web.archive.org/web/20201208155618/http://www.securitytracker.com/id/1040348ghsaWEB
- www.debian.org/security/2018/dsa-4086nvdWEB
- www.securitytracker.com/id/1040348nvd
News mentions
0No linked articles in our index yet.