Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
Typedeb
Namespacedebian
Namelibxml2
Version2.9.4+dfsg1-3.1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.9.4+dfsg1-5.1
Latest_non_vulnerable_version2.15.3+dfsg-1
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-1vsu-txd5-qbf3
vulnerability_id VCID-1vsu-txd5-qbf3
summary 
Out-of-bounds Read
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9049
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64318
published_at 2026-06-04T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.64371
published_at 2026-06-06T12:55:00Z
2
value 0.00458
scoring_system epss
scoring_elements 0.64363
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9049
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452556
reference_id 1452556
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452556
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019
reference_id 863019
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019
12
reference_url http://www.securityfocus.com/bid/98601
reference_id 98601
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/
url http://www.securityfocus.com/bid/98601
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9049
reference_id CVE-2017-9049
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9049
14
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
16
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
17
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-9049
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1vsu-txd5-qbf3
1
url VCID-1zr7-kx71-tkcr
vulnerability_id VCID-1zr7-kx71-tkcr
summary 
Improper Restriction of XML External Entity Reference
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7375
reference_id
reference_type
scores
0
value 0.00443
scoring_system epss
scoring_elements 0.63676
published_at 2026-06-06T12:55:00Z
1
value 0.00443
scoring_system epss
scoring_elements 0.63626
published_at 2026-06-04T12:55:00Z
2
value 0.00443
scoring_system epss
scoring_elements 0.63668
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7375
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url http://www.securitytracker.com/id/1038623
reference_id 1038623
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url http://www.securitytracker.com/id/1038623
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462203
reference_id 1462203
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=1462203
12
reference_url https://source.android.com/security/bulletin/2017-06-01
reference_id 2017-06-01
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url https://source.android.com/security/bulletin/2017-06-01
13
reference_url https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
reference_id 308396a55280f69ad4112d4f9892f4cbeff042aa
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
reference_id 870867
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
15
reference_url http://www.securityfocus.com/bid/98877
reference_id 98877
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url http://www.securityfocus.com/bid/98877
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7375
reference_id CVE-2017-7375
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7375
17
reference_url https://www.debian.org/security/2017/dsa-3952
reference_id dsa-3952
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url https://www.debian.org/security/2017/dsa-3952
18
reference_url https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
reference_id ?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/
url https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
19
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
20
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-7375
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1zr7-kx71-tkcr
2
url VCID-eh92-k5tc-vyab
vulnerability_id VCID-eh92-k5tc-vyab
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9048
reference_id
reference_type
scores
0
value 0.00601
scoring_system epss
scoring_elements 0.69868
published_at 2026-06-04T12:55:00Z
1
value 0.00601
scoring_system epss
scoring_elements 0.69916
published_at 2026-06-06T12:55:00Z
2
value 0.00601
scoring_system epss
scoring_elements 0.69908
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9048
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452549
reference_id 1452549
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452549
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
reference_id 863021
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
12
reference_url http://www.securityfocus.com/bid/98556
reference_id 98556
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/
url http://www.securityfocus.com/bid/98556
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9048
reference_id CVE-2017-9048
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9048
14
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
16
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
17
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-9048
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eh92-k5tc-vyab
3
url VCID-frer-xevm-x7f7
vulnerability_id VCID-frer-xevm-x7f7
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7376.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-7376
reference_id
reference_type
scores
0
value 0.38332
scoring_system epss
scoring_elements 0.97316
published_at 2026-06-04T12:55:00Z
1
value 0.38332
scoring_system epss
scoring_elements 0.9732
published_at 2026-06-05T12:55:00Z
2
value 0.38332
scoring_system epss
scoring_elements 0.97322
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-7376
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.6
scoring_system cvssv2
scoring_elements AV:N/AC:H/Au:N/C:N/I:N/A:P
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462216
reference_id 1462216
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1462216
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865
reference_id 870865
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870865
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-7376
reference_id CVE-2017-7376
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-7376
13
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
14
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-7376
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-frer-xevm-x7f7
4
url VCID-jtkn-83hh-x3et
vulnerability_id VCID-jtkn-83hh-x3et
summary 
Out-of-bounds Read
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9050
reference_id
reference_type
scores
0
value 0.00313
scoring_system epss
scoring_elements 0.54753
published_at 2026-06-04T12:55:00Z
1
value 0.00313
scoring_system epss
scoring_elements 0.54821
published_at 2026-06-06T12:55:00Z
2
value 0.00313
scoring_system epss
scoring_elements 0.54811
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9050
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/sparklemotion/nokogiri/issues/1673
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements
url https://github.com/sparklemotion/nokogiri/issues/1673
11
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
13
reference_url https://security.gentoo.org/glsa/201711-01
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url https://security.gentoo.org/glsa/201711-01
14
reference_url http://www.debian.org/security/2017/dsa-3952
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url http://www.debian.org/security/2017/dsa-3952
15
reference_url http://www.openwall.com/lists/oss-security/2017/05/15/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url http://www.openwall.com/lists/oss-security/2017/05/15/1
16
reference_url http://www.securityfocus.com/bid/98568
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url http://www.securityfocus.com/bid/98568
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452553
reference_id 1452553
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452553
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018
reference_id 863018
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9050
reference_id CVE-2017-9050
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-9050
20
reference_url https://github.com/advisories/GHSA-8c56-cpmw-89x7
reference_id GHSA-8c56-cpmw-89x7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c56-cpmw-89x7
21
reference_url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_id r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_id rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/
url https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
23
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
24
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-9050, GHSA-8c56-cpmw-89x7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtkn-83hh-x3et
5
url VCID-msku-25sz-rbeg
vulnerability_id VCID-msku-25sz-rbeg
summary A remote code execution vulnerability in libxml2 could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37104170.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-0663
reference_id
reference_type
scores
0
value 0.00893
scoring_system epss
scoring_elements 0.75948
published_at 2026-06-04T12:55:00Z
1
value 0.00893
scoring_system epss
scoring_elements 0.75974
published_at 2026-06-05T12:55:00Z
2
value 0.00893
scoring_system epss
scoring_elements 0.75973
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-0663
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1462225
reference_id 1462225
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1462225
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
reference_id 870870
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
12
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
13
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-0663
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-msku-25sz-rbeg
6
url VCID-x53x-k5cn-4fhv
vulnerability_id VCID-x53x-k5cn-4fhv
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9047
reference_id
reference_type
scores
0
value 0.0266
scoring_system epss
scoring_elements 0.86065
published_at 2026-06-04T12:55:00Z
1
value 0.0266
scoring_system epss
scoring_elements 0.86087
published_at 2026-06-05T12:55:00Z
2
value 0.0266
scoring_system epss
scoring_elements 0.8609
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9047
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1452554
reference_id 1452554
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1452554
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
reference_id 863022
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-9047
reference_id CVE-2017-9047
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-9047
13
reference_url https://usn.ubuntu.com/3424-1/
reference_id USN-3424-1
reference_type
scores
url https://usn.ubuntu.com/3424-1/
14
reference_url https://usn.ubuntu.com/3424-2/
reference_id USN-3424-2
reference_type
scores
url https://usn.ubuntu.com/3424-2/
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-9047
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x53x-k5cn-4fhv
7
url VCID-zezc-xfmm-cqcg
vulnerability_id VCID-zezc-xfmm-cqcg
summary 
Improper Restriction of Operations within the Bounds of a Memory Buffer
parser.c in libxml2 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16931.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-16931
reference_id
reference_type
scores
0
value 0.01443
scoring_system epss
scoring_elements 0.81079
published_at 2026-06-04T12:55:00Z
1
value 0.01443
scoring_system epss
scoring_elements 0.81107
published_at 2026-06-05T12:55:00Z
2
value 0.01443
scoring_system epss
scoring_elements 0.81111
published_at 2026-06-06T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-16931
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16931
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1517307
reference_id 1517307
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1517307
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-16931
reference_id CVE-2017-16931
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-16931
fixed_packages
0
url pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
purl pkg:deb/debian/libxml2@2.9.4%2Bdfsg1-3.1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie
1
url pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
purl pkg:deb/debian/libxml2@2.9.10%2Bdfsg-6.7%2Bdeb11u4?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.10%252Bdfsg-6.7%252Bdeb11u4%3Fdistro=trixie
2
url pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
purl pkg:deb/debian/libxml2@2.9.14%2Bdfsg-1.3~deb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.14%252Bdfsg-1.3~deb12u5%3Fdistro=trixie
3
url pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
purl pkg:deb/debian/libxml2@2.12.7%2Bdfsg%2Breally2.9.14-2.1%2Bdeb13u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d47v-hstc-wqc1
1
vulnerability VCID-k5ns-qsh8-9ufj
2
vulnerability VCID-kqv4-tkg9-6ugb
3
vulnerability VCID-p5kk-3yg6-yucb
4
vulnerability VCID-rymj-pnfv-3khf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.12.7%252Bdfsg%252Breally2.9.14-2.1%252Bdeb13u2%3Fdistro=trixie
4
url pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.2%2Bdfsg-0.1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k5ns-qsh8-9ufj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.2%252Bdfsg-0.1%3Fdistro=trixie
5
url pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
purl pkg:deb/debian/libxml2@2.15.3%2Bdfsg-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.15.3%252Bdfsg-1%3Fdistro=trixie
aliases CVE-2017-16931
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zezc-xfmm-cqcg
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/libxml2@2.9.4%252Bdfsg1-3.1%3Fdistro=trixie