CVE-2017-0663

Priority
Medium
Description
A remote code execution vulnerability in libxml2 could enable an attacker
using a specially crafted file to execute arbitrary code within the context
of an unprivileged process. This issue is rated as High due to the
possibility of remote code execution in an application that uses this
library. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0,
7.1.1, 7.1.2. Android ID: A-37104170.
References
Bugs
Notes
 tyhicks> Downgrading from high to medium as the invalid write consists of an
  enum member within a struct being written with a constant value that's not
  attacker controlled. I suspect that this is quite difficult to exploit.
Package
Upstream: released (2.9.4+dfsg1-3.1)
Ubuntu 17.10 (Artful Aardvark): not-affected (2.9.4+dfsg1-3.1)
Ubuntu 12.04 ESM (Precise Pangolin): released (2.7.8.dfsg-5.1ubuntu4.18)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.9.1+dfsg1-3ubuntu4.10)
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.9.3+dfsg1-1ubuntu0.3)
Ubuntu 17.04 (Zesty Zapus): released (2.9.4+dfsg1-2.2ubuntu0.1)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
Package
Upstream: needs-triage
Ubuntu 17.10 (Artful Aardvark): DNE
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): needs-triage
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): needs-triage
Ubuntu 17.04 (Zesty Zapus): needs-triage
More Information

Updated: 2017-10-10 21:14:15 UTC (commit 13488)