CLD-20 Details

Other IDs this deficiency may be known by:

CVE ID CVE-2017-5969 (nvd) (mitre) (debian) (archlinux) (red hat) (suse) (ubuntu)
Other ID(s)

Basic Information:

Affected Package(s) libxml2
Deficiency Type SECURITY
Date Created 2017-09-13 10:24:23
Date Last Modified 2017-09-13 10:44:55

Version Specific Information:

Cucumber 1.0 i686 fixed in libxml2-2.9.5-i686-1
Cucumber 1.0 x86_64 fixed in libxml2-2.9.5-x86_64-1 and libxml2-lib_i686-2.9.5-lib_i686-1

Cucumber 1.1 i686 fixed in libxml2-2.9.5-i686-1
Cucumber 1.1 x86_64 fixed in libxml2-2.9.5-x86_64-1 and libxml2-lib_i686-2.9.5-lib_i686-1


** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote attackers
to cause a denial of service (NULL pointer dereference) via a crafted XML
document. NOTE: The maintainer states "I would disagree of a CVE with the
Recover parsing option which should only be used for manual recovery at least
for XML parser."

The bugzilla page claims
this was fixed by
This patch has been applied in 2.9.5.