NVD Vulnerability Detail

CVE-2017-15412

Summary	Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Publication Date	Aug. 29, 2018, 4:29 a.m.
Registration Date	Jan. 26, 2021, 1:17 p.m.
Last Update	Nov. 21, 2024, 12:14 p.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:google:chrome::::::::					63.0.3239.84

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:xmlsoft:libxml2::::::::					2.9.5

Related information, measures and tools

No	URL	refsource	タグ
1	http://www.securitytracker.com/id/1040348
2	http://www.securitytracker.com/id/1040348
3	https://access.redhat.com/errata/RHSA-2017:3401
4	https://access.redhat.com/errata/RHSA-2017:3401
5	https://access.redhat.com/errata/RHSA-2018:0287
6	https://access.redhat.com/errata/RHSA-2018:0287
7	https://bugzilla.gnome.org/show_bug.cgi?id=783160
8	https://bugzilla.gnome.org/show_bug.cgi?id=783160
9	https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
10	https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
11	https://crbug.com/727039
12	https://crbug.com/727039
13	https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
14	https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
15	https://security.gentoo.org/glsa/201801-03
16	https://security.gentoo.org/glsa/201801-03
17	https://www.debian.org/security/2018/dsa-4086
18	https://www.debian.org/security/2018/dsa-4086

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-416	解放済みメモリの使用	https://cwe.mitre.org/data/definitions/416.html

JVN Vulnerability Information

libxml2 における解放済みメモリの使用に関する脆弱性

Title	libxml2 における解放済みメモリの使用に関する脆弱性
Summary	libxml2 には、解放済みメモリの使用に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Dec. 6, 2017, midnight
Registration Date	Nov. 19, 2018, 5:06 p.m.
Last Update	Nov. 19, 2018, 5:06 p.m.

Affected System

レッドハット

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

Debian

Debian GNU/Linux

Google

Google Chrome 63.0.3239.84 未満

xmlsoft.org

libxml2 2.9.5 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-15412	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15412
National Vulnerability Database (NVD)
2	CVE-2017-15412	https://nvd.nist.gov/vuln/detail/CVE-2017-15412

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-416	https://cwe.mitre.org/data/definitions/416.html

ベンダー情報

No	Name	URL
Debian
1	[SECURITY] [DLA 1211-1] libxml2 security update	https://lists.debian.org/debian-lts-announce/2017/12/msg00014.html
Debian Security Advisory
2	DSA-4086	https://www.debian.org/security/2018/dsa-4086
Google
3	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
4	Stable Channel Update for Desktop	https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
Red Hat Security Advisory
5	RHSA-2017:3401	https://access.redhat.com/errata/RHSA-2017:3401
6	RHSA-2018:0287	https://access.redhat.com/errata/RHSA-2018:0287
xmlsoft.org
7	Top Page	http://www.xmlsoft.org/

その他

No	Name	URL
関連文書
1	Issue 727039	https://crbug.com/727039

Change Log

No	Changed Details	Date of change
1	[2018年11月19日] 掲載	Nov. 19, 2018, 5:06 p.m.