CVE-2016-9318
Published: Nov 16, 2016
Modified: Dec 4, 2025
PUBLISHED
Description
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://bugzilla.gnome.org/show_bug.cgi?id=772726 (x_refsource_MISC)
https://github.com/lsh123/xmlsec/issues/43 (x_refsource_MISC)
USN-3739-1 (vendor-advisory, x_refsource_UBUNTU)
GLSA-201711-01 (vendor-advisory, x_refsource_GENTOO)
94347 (vdb-entry, x_refsource_BID)
USN-3739-2 (vendor-advisory, x_refsource_UBUNTU)
[debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update (mailing-list, x_refsource_MLIST)