parser.c in libxml2 prior to 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xmlsoft libxml2 |