Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:ebuild/dev-libs/libxml2@2.9.4-r3

Type ebuild

Namespace dev-libs

Name libxml2

Version 2.9.4-r3

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2.9.10

Latest_non_vulnerable_version 2.12.5

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-3whx-6t3e-7beq

vulnerability_id VCID-3whx-6t3e-7beq

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5969.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_id

reference_type

scores

value	0.02935
scoring_system	epss
scoring_elements	0.86361
published_at	2026-04-01T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86461
published_at	2026-04-24T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86443
published_at	2026-04-16T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86448
published_at	2026-04-18T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86442
published_at	2026-04-21T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86372
published_at	2026-04-02T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86389
published_at	2026-04-04T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86391
published_at	2026-04-07T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8641
published_at	2026-04-08T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.8642
published_at	2026-04-09T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86434
published_at	2026-04-11T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86432
published_at	2026-04-12T12:55:00Z

value	0.02935
scoring_system	epss
scoring_elements	0.86426
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-5969

reference_url	https://bugzilla.gnome.org/show_bug.cgi?id=778519
reference_id
reference_type
scores
url	https://bugzilla.gnome.org/show_bug.cgi?id=778519

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2022/04/msg00004.html

reference_url	https://security.gentoo.org/glsa/201711-01
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/201711-01

reference_url	http://www.openwall.com/lists/oss-security/2016/11/05/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2016/11/05/3

reference_url	http://www.openwall.com/lists/oss-security/2017/02/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/02/13/1

reference_url	http://www.securityfocus.com/bid/96188
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/96188

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996
reference_id	1421996
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1421996

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001
reference_id	855001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855001

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_id	cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

reference_id

CVE-2017-5969

reference_type

scores

value	2.6
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:N/I:N/A:P

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2017-5969

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-5969

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3whx-6t3e-7beq

url VCID-8tej-h12t-2fag

vulnerability_id VCID-8tej-h12t-2fag

summary

Improper Restriction of XML External Entity Reference
A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7375.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_id

reference_type

scores

value	0.00255
scoring_system	epss
scoring_elements	0.48817
published_at	2026-04-24T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48754
published_at	2026-04-01T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48793
published_at	2026-04-02T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48818
published_at	2026-04-04T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48773
published_at	2026-04-07T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48827
published_at	2026-04-08T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48824
published_at	2026-04-09T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48841
published_at	2026-04-11T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48815
published_at	2026-04-12T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48823
published_at	2026-04-13T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48873
published_at	2026-04-16T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48869
published_at	2026-04-18T12:55:00Z

value	0.00255
scoring_system	epss
scoring_elements	0.48829
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_id

1462203

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=1462203

reference_url

https://source.android.com/security/bulletin/2017-06-01

reference_id

2017-06-01

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://source.android.com/security/bulletin/2017-06-01

reference_url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_id

308396a55280f69ad4112d4f9892f4cbeff042aa

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867
reference_id	870867
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870867

reference_url

http://www.securityfocus.com/bid/98877

reference_id

98877

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

http://www.securityfocus.com/bid/98877

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375
reference_id	CVE-2017-7375
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7375

reference_url

https://www.debian.org/security/2017/dsa-3952

reference_id

dsa-3952

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://www.debian.org/security/2017/dsa-3952

reference_url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_id

?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-03T21:49:15Z/

url

https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-7375

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tej-h12t-2fag

url VCID-qqte-z1e6-xuh7

vulnerability_id VCID-qqte-z1e6-xuh7

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
A buffer overflow was discovered in libxml2 . The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9047.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_id

reference_type

scores

value	0.0266
scoring_system	epss
scoring_elements	0.85826
published_at	2026-04-24T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85779
published_at	2026-04-09T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85793
published_at	2026-04-11T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.8579
published_at	2026-04-12T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85787
published_at	2026-04-13T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85805
published_at	2026-04-16T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85809
published_at	2026-04-18T12:55:00Z

value	0.0266
scoring_system	epss
scoring_elements	0.85803
published_at	2026-04-21T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86278
published_at	2026-04-04T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86261
published_at	2026-04-02T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86279
published_at	2026-04-07T12:55:00Z

value	0.02891
scoring_system	epss
scoring_elements	0.86298
published_at	2026-04-08T12:55:00Z

value	0.03032
scoring_system	epss
scoring_elements	0.86594
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554
reference_id	1452554
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452554

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022
reference_id	863022
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863022

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047
reference_id	CVE-2017-9047
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9047

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-9047

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqte-z1e6-xuh7

url VCID-qtp3-a1g7-8kgw

vulnerability_id VCID-qtp3-a1g7-8kgw

summary

Improper Restriction of XML External Entity Reference
libxml2, as used in XMLSec and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_id

reference_type

scores

value	6.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9318.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_id

reference_type

scores

value	0.00121
scoring_system	epss
scoring_elements	0.30847
published_at	2026-04-24T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31068
published_at	2026-04-12T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31023
published_at	2026-04-13T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31055
published_at	2026-04-16T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31036
published_at	2026-04-18T12:55:00Z

value	0.00121
scoring_system	epss
scoring_elements	0.31004
published_at	2026-04-21T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32866
published_at	2026-04-02T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32735
published_at	2026-04-01T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32769
published_at	2026-04-08T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32722
published_at	2026-04-07T12:55:00Z

value	0.00132
scoring_system	epss
scoring_elements	0.32901
published_at	2026-04-04T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.38972
published_at	2026-04-11T12:55:00Z

value	0.00175
scoring_system	epss
scoring_elements	0.3896
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9318

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9318

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609
reference_id	1395609
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1395609

reference_url

https://github.com/lsh123/xmlsec/issues/43

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://github.com/lsh123/xmlsec/issues/43

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581
reference_id	844581
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844581

reference_url

http://www.securityfocus.com/bid/94347

reference_id

94347

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

http://www.securityfocus.com/bid/94347

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318
reference_id	CVE-2016-9318
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-9318

reference_url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_id

show_bug.cgi?id=772726

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://bugzilla.gnome.org/show_bug.cgi?id=772726

reference_url

https://usn.ubuntu.com/3739-2/

reference_id

USN-3739-2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-04T16:39:51Z/

url

https://usn.ubuntu.com/3739-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2016-9318

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtp3-a1g7-8kgw

url VCID-qxwq-xwaw-nyak

vulnerability_id VCID-qxwq-xwaw-nyak

summary

Multiple vulnerabilities have been found in libxml2, the worst of
    which could result in the execution of arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-0663.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_id

reference_type

scores

value	0.01042
scoring_system	epss
scoring_elements	0.77393
published_at	2026-04-01T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77513
published_at	2026-04-24T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77486
published_at	2026-04-18T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77479
published_at	2026-04-21T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77399
published_at	2026-04-02T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77426
published_at	2026-04-04T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77405
published_at	2026-04-07T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77436
published_at	2026-04-08T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77445
published_at	2026-04-09T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77471
published_at	2026-04-11T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77451
published_at	2026-04-12T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77448
published_at	2026-04-13T12:55:00Z

value	0.01042
scoring_system	epss
scoring_elements	0.77488
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225
reference_id	1462225
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1462225

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870
reference_id	870870
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870870

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-0663

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxwq-xwaw-nyak

url VCID-rhgj-t5cp-wkbh

vulnerability_id VCID-rhgj-t5cp-wkbh

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9048.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_id

reference_type

scores

value	0.00601
scoring_system	epss
scoring_elements	0.69564
published_at	2026-04-24T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69492
published_at	2026-04-09T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69513
published_at	2026-04-11T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69498
published_at	2026-04-12T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69484
published_at	2026-04-13T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69523
published_at	2026-04-16T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69532
published_at	2026-04-18T12:55:00Z

value	0.00601
scoring_system	epss
scoring_elements	0.69512
published_at	2026-04-21T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69926
published_at	2026-04-04T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69898
published_at	2026-04-01T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69911
published_at	2026-04-02T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69951
published_at	2026-04-08T12:55:00Z

value	0.00618
scoring_system	epss
scoring_elements	0.69903
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549
reference_id	1452549
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452549

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021
reference_id	863021
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863021

reference_url

http://www.securityfocus.com/bid/98556

reference_id

98556

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T11:40:41Z/

url

http://www.securityfocus.com/bid/98556

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048
reference_id	CVE-2017-9048
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9048

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-9048

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhgj-t5cp-wkbh

url VCID-ymhr-ads4-qqdp

vulnerability_id VCID-ymhr-ads4-qqdp

summary

Out-of-bounds Read
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9049.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9049

reference_id

reference_type

scores

value	0.00458
scoring_system	epss
scoring_elements	0.63902
published_at	2026-04-01T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64039
published_at	2026-04-24T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63961
published_at	2026-04-02T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63989
published_at	2026-04-04T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63948
published_at	2026-04-07T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63999
published_at	2026-04-08T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64016
published_at	2026-04-09T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64028
published_at	2026-04-11T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64014
published_at	2026-04-12T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.63985
published_at	2026-04-13T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.6402
published_at	2026-04-21T12:55:00Z

value	0.00458
scoring_system	epss
scoring_elements	0.64032
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452556
reference_id	1452556
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452556

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019
reference_id	863019
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863019

reference_url

http://www.securityfocus.com/bid/98601

reference_id

98601

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T14:20:28Z/

url

http://www.securityfocus.com/bid/98601

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-9049
reference_id	CVE-2017-9049
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-9049

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-9049

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ymhr-ads4-qqdp

url VCID-zm21-2pqq-3ker

vulnerability_id VCID-zm21-2pqq-3ker

summary

Out-of-bounds Read
libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9050.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9050

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54447
published_at	2026-04-24T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54487
published_at	2026-04-21T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.5451
published_at	2026-04-18T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54507
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54468
published_at	2026-04-13T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54489
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54506
published_at	2026-04-11T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54479
published_at	2026-04-04T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54457
published_at	2026-04-02T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54494
published_at	2026-04-09T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.545
published_at	2026-04-08T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54448
published_at	2026-04-07T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54378
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9050

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/sparklemotion/nokogiri/issues/1673

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

url

https://github.com/sparklemotion/nokogiri/issues/1673

reference_url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

reference_url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
url	https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E

reference_url

https://security.gentoo.org/glsa/201711-01

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/

url

https://security.gentoo.org/glsa/201711-01

reference_url

http://www.debian.org/security/2017/dsa-3952

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/

url

http://www.debian.org/security/2017/dsa-3952

reference_url

http://www.openwall.com/lists/oss-security/2017/05/15/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/

url

http://www.openwall.com/lists/oss-security/2017/05/15/1

reference_url

http://www.securityfocus.com/bid/98568

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T22:10:54Z/

url

http://www.securityfocus.com/bid/98568

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1452553
reference_id	1452553
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1452553

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018
reference_id	863018
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863018

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-9050

reference_id

CVE-2017-9050

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-9050

reference_url

https://github.com/advisories/GHSA-8c56-cpmw-89x7

reference_id

GHSA-8c56-cpmw-89x7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8c56-cpmw-89x7

reference_url	https://usn.ubuntu.com/3424-1/
reference_id	USN-3424-1
reference_type
scores
url	https://usn.ubuntu.com/3424-1/

reference_url	https://usn.ubuntu.com/3424-2/
reference_id	USN-3424-2
reference_type
scores
url	https://usn.ubuntu.com/3424-2/

fixed_packages

url	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
purl	pkg:ebuild/dev-libs/libxml2@2.9.4-r3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

aliases CVE-2017-9050, GHSA-8c56-cpmw-89x7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zm21-2pqq-3ker

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libxml2@2.9.4-r3

Package Instance