CVE-2017-0663
libxml2 - security update
CVSS 3.1: 7.8 (HIGH)
EPSS: 0.89%
Description
A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
How to fix CVE-2017-0663
To remediate CVE-2017-0663, upgrade the affected package to a fixed version below.
- upgrade to 2.9.4+dfsg1-3.1 or later
- upgrade to 2.8.0+dfsg1-7+wheezy9 or later
- upgrade to 2.9.1+dfsg1-5+deb8u5 or later
Is CVE-2017-0663 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 2.9.4+dfsg1-3.1
- from 0, < 2.8.0+dfsg1-7+wheezy9
- from 0, < 2.9.1+dfsg1-5+deb8u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.8 | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |