High severity7.5NVD Advisory· Published Nov 23, 2017· Updated May 13, 2026
CVE-2017-16932
CVE-2017-16932
Description
parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | < 1.8.1 | 1.8.1 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961nvdPatchThird Party AdvisoryWEB
- xmlsoft.org/news.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-x2fm-93ww-ggvxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-16932ghsaADVISORY
- blog.clamav.net/2018/07/clamav-01001-has-been-released.htmlnvdWEB
- bugzilla.gnome.org/show_bug.cginvdPermissions RequiredWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2017-16932.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1714ghsaWEB
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3EnvdWEB
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3EnvdWEB
- lists.debian.org/debian-lts-announce/2017/11/msg00041.htmlnvdWEB
- lists.debian.org/debian-lts-announce/2022/04/msg00004.htmlnvdWEB
- usn.ubuntu.com/3739-1ghsaWEB
- gitlab.gnome.org/GNOME/libxml2/-/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961nvd
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Envd
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Envd
- usn.ubuntu.com/3739-1/nvd
News mentions
0No linked articles in our index yet.