CVE-2017-5130
Description
Integer overflow in libxml2 (before 2.9.5) allows remote attackers to cause heap corruption via crafted XML, affecting products like Google Chrome prior to 62.0.3202.62.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
An integer overflow in xmlmemory.c, libxml2's memory-allocation wrapper code, affects releases before 2.9.5. A remote attacker who can get a crafted XML document parsed by a vulnerable build can trigger heap corruption. The library is embedded in Google Chrome (before 62.0.3202.62) and many other products, so exposure extends well beyond systems that install libxml2 as a package [1][2].
Exploitation
The attacker crafts an XML document whose parsing makes an allocation-size computation in libxml2 overflow, then gets a vulnerable application to parse it. Delivery is the only hurdle: no authentication is needed, and the user interaction required is limited to opening the content, for instance by visiting a web page that Chrome parses as XML. Any other path by which untrusted XML reaches a vulnerable libxml2 build is exposed in the same way [1][2].
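The size arithmetic behind this class of bug, as an added example that is not libxml2's own code: a debugging allocator prepends a fixed-size bookkeeping header to every block and computes header + payload. Without a bound check that sum wraps when the request lies within the header size of SIZE_MAX (a far smaller number on 32-bit builds), malloc() returns a tiny block, and the caller writes the full requested length into it. The 32-byte RESERVE_SIZE, the function names and the chosen request value are assumptions for illustration; the hardened form shows the check-before-add pattern that closes the hole.

```c
/*
 * Constructed example, not libxml2's code: the size arithmetic behind an
 * allocator integer overflow, in vulnerable and hardened form.
 *
 * Assumptions for illustration: a debugging allocator that prepends a
 * RESERVE_SIZE-byte bookkeeping header to every block (32 bytes here), and
 * all function names below.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define RESERVE_SIZE ((size_t)32)

/* Vulnerable: header + payload is added without a bound check. For any
 * requested > SIZE_MAX - RESERVE_SIZE the sum wraps around to a small number,
 * so malloc() returns a tiny block while the caller believes it owns
 * `requested` bytes and writes that much into it: heap corruption. */
static size_t vuln_total_size(size_t requested)
{
    return requested + RESERVE_SIZE;
}

/* Hardened: compare against the bound before adding, so the sum can never
 * wrap. Returns 0 for a rejected request; 0 is never a valid total because
 * every valid total is at least RESERVE_SIZE. Written as `a > MAX - b`
 * rather than `a + b < a`: both are correct for unsigned operands, but the
 * former reads as the invariant it enforces. */
static size_t safe_total_size(size_t requested)
{
    if (requested > SIZE_MAX - RESERVE_SIZE)
        return 0;
    return requested + RESERVE_SIZE;
}

/* Hardened allocator front end: NULL on overflow instead of an undersized
 * block. Returns the payload pointer just past the header, as a debugging
 * allocator would. */
static void *safe_debug_malloc(size_t requested)
{
    size_t total = safe_total_size(requested);
    unsigned char *block;

    if (total == 0) {
        fprintf(stderr, "safe_debug_malloc: unsigned overflow for request %zu\n",
                requested);
        return NULL;
    }
    block = malloc(total);
    if (block == NULL)
        return NULL;
    return block + RESERVE_SIZE;
}

/* Release a block obtained from safe_debug_malloc(): step back over the header. */
static void safe_debug_free(void *payload)
{
    if (payload != NULL)
        free((unsigned char *)payload - RESERVE_SIZE);
}

int main(void)
{
    /* A request within RESERVE_SIZE of SIZE_MAX: the unchecked sum wraps to 21. */
    size_t huge = SIZE_MAX - 10;
    void *p;

    printf("vulnerable: request %zu -> malloc(%zu)\n", huge, vuln_total_size(huge));
    printf("hardened:   request %zu -> %s\n", huge,
           safe_total_size(huge) ? "accepted" : "rejected");

    p = safe_debug_malloc(64);
    printf("hardened:   request 64 -> %s\n", p ? "payload pointer returned" : "NULL");
    safe_debug_free(p);
    return 0;
}
```

The vulnerable function is deliberately left as a pure size computation so it can be inspected without corrupting anything; in a real allocator the undersized block it produces is handed to a caller that trusts `requested`, and the copy into it is the heap corruption the advisory describes.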
Impact
Successful exploitation corrupts the heap. The reliable outcome is a crash of the parsing process (denial of service); with enough control over the corrupted data, the same flaw can be leveraged into arbitrary code execution in the context of that process, which is why Red Hat rates RHSA-2017:2997 as Important [1][2].
Mitigation
Google Chrome fixed the issue in version 62.0.3202.62 [1][2]. The Gentoo advisory recommends upgrading to >=www-client/chromium-62.0.3202.62 or >=www-client/google-chrome-62.0.3202.62 [2]. Upstream libxml2 is fixed in version 2.9.5 [3]. Two caveats for anyone checking exposure: distributions backported the fix to older branches rather than rebasing, so a patched package can still report a pre-2.9.5 version string (the SUSE fixed versions listed below are 2.9.4-46.12.1 and 2.7.6-0.77.10.1, and Debian LTS published advisories in 2017 and again in 2022); compare against the distribution's advisory, not the upstream version number. And products that bundle their own copy of libxml2 (Chrome, and the NetApp and Oracle products in the references) are not fixed by updating the system library; each needs its vendor's update. No workaround is available [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- libxml2 (upstream, per the CVE description): < 2.9.5
- OSV coordinates (23 distribution packages, no CPE assigned), each with its fixed version:
  - pkg:rpm/opensuse/chromium, openSUSE Tumbleweed: < 93.0.4577.82-1.1
  - pkg:rpm/suse/chromium, SUSE Package Hub 12 SP2: < 63.0.3239.84-40.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Desktop 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Desktop 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server 11 SP4: < 2.7.6-0.77.10.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server for Raspberry Pi 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server for SAP Applications 11 SP4: < 2.7.6-0.77.10.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server for SAP Applications 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Server for SAP Applications 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Software Development Kit 11 SP4: < 2.7.6-0.77.10.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Software Development Kit 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2, SUSE Linux Enterprise Software Development Kit 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/libxml2-python, SUSE Linux Enterprise Server 11 SP4: < 2.7.6-0.77.10.1
  - pkg:rpm/suse/libxml2-python, SUSE Linux Enterprise Server for SAP Applications 11 SP4: < 2.7.6-0.77.10.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Desktop 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Desktop 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Server 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Server 12 SP3: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Server for Raspberry Pi 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Server for SAP Applications 12 SP2: < 2.9.4-46.12.1
  - pkg:rpm/suse/python-libxml2, SUSE Linux Enterprise Server for SAP Applications 12 SP3: < 2.9.4-46.12.1
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- [1] access.redhat.com/errata/RHSA-2017:2997 (Red Hat vendor advisory)
- [2] security.gentoo.org/glsa/201710-24 (Gentoo vendor advisory)
- [3] bugzilla.gnome.org/show_bug.cgi (GNOME Bugzilla)
- [4] www.securityfocus.com/bid/101482 (SecurityFocus BID, vulnerability database entry)
- [5] chromereleases.googleblog.com/2017/10/stable-channel-update-for-desktop.html (Chrome Releases, stable channel update)
- [6] crbug.com/722079 (Chromium issue tracker)
- [7] git.gnome.org/browse/libxml2/commit/ (libxml2 upstream commit)
- [8] lists.debian.org/debian-lts-announce/2017/11/msg00034.html (Debian LTS announce mailing list)
- [9] lists.debian.org/debian-lts-announce/2022/04/msg00004.html (Debian LTS announce mailing list)
- [10] security.netapp.com/advisory/ntap-20190719-0001/ (NetApp advisory)
- [11] www.oracle.com/security-alerts/cpuapr2020.html (Oracle Critical Patch Update, April 2020)
News mentions
No linked articles in our index yet.