High severity7.5NVD Advisory· Published May 18, 2017· Updated Jun 17, 2026
CVE-2017-9049
CVE-2017-9049
Description
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
30- osv-coords29 versionspkg:rpm/opensuse/libxml2&distro=openSUSE%20Tumbleweedpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/libxml2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/libxml2-python&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-libxml2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2
< 2.9.12-1.2+ 28 more
- (no CPE)range: < 2.9.12-1.2
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.7.6-0.69.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.7.6-0.69.3
- (no CPE)range: < 2.7.6-0.69.3
- (no CPE)range: < 2.7.6-0.69.3
- (no CPE)range: < 2.7.6-0.69.3
- (no CPE)range: < 2.7.6-0.69.3
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.1-26.15.1
- (no CPE)range: < 2.9.4-36.1
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2017/05/15/1nvdExploitMailing ListPatchThird Party Advisory
- www.securityfocus.com/bid/98601nvdThird Party AdvisoryVDB Entry
- www.debian.org/security/2017/dsa-3952nvd
- lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Envd
- lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Envd
- security.gentoo.org/glsa/201711-01nvd
News mentions
0No linked articles in our index yet.