Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: libxml
Package Version: [cpe:/a:xmlsoft:libxml2:2.7.7]
Advisory: CVE-2016-4483
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-4483
CVSS severity score: 5/10.0
Confidence: high
Description:
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
Comment 1 by elawrence@chromium.org
, Jan 6 2018Components: Blink>XML