The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers to cause a denial of service (buffer over-read) or information disclosure. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=775200
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1449544] Created mingw-libxml2 tracking bugs for this issue: Affects: epel-7 [bug 1449543] Affects: fedora-all [bug 1449545]