CVE-2017-7375

9.8 CRITICAL
Published: February 19, 2018 Modified: December 03, 2025
View on NVD

Description

A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://www.securityfocus.com/bid/98877
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038623
Source: cve@mitre.org
Third Party Advisory VDB Entry
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
Source: cve@mitre.org
Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462203
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
Source: cve@mitre.org
Patch Third Party Advisory
https://security.gentoo.org/glsa/201711-01
Source: cve@mitre.org
Third Party Advisory
https://source.android.com/security/bulletin/2017-06-01
Source: cve@mitre.org
Patch Third Party Advisory
https://www.debian.org/security/2017/dsa-3952
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/98877
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038623
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1462203
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://security.gentoo.org/glsa/201711-01
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://source.android.com/security/bulletin/2017-06-01
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
https://www.debian.org/security/2017/dsa-3952
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

16 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
0.3%
49th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-611 CWE-611

Affected Vendors

xmlsoft google debian

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3