Parameter-Entity Reference Mishandling in libxml2's parser.c

Parameter-Entity Reference Mishandling in libxml2's parser.c

CVE-2017-16931 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.

Learn more about our Web Application Penetration Testing UK.