libxml2 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2 to crash.

References: http://seclists.org/oss-sec/2017/q2/258
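The missing length check described above, shown as an added example that is not libxml2's code or the upstream patch. The names append_checked, unchecked_overrun and dump_model are hypothetical, and the 8-byte buffer and the ")*" tail are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not libxml2 code. Appends suffix to the string in
 * buf (capacity size). Returns 1 on success; returns 0 and leaves buf
 * unchanged if the result plus its terminator would not fit. */
static int append_checked(char *buf, size_t size, const char *suffix)
{
    const char *nul = memchr(buf, '\0', size);
    size_t used, need = strlen(suffix);

    if (nul == NULL)
        return 0;                  /* no terminator inside the buffer */
    used = (size_t)(nul - buf);
    if (need >= size - used)
        return 0;                  /* requires used + need + 1 <= size */
    memcpy(buf + used, suffix, need + 1);
    return 1;
}

/* Bytes an unchecked strcat(buf, suffix) would write past the end of buf
 * (0 means it fits). Only computes; never performs the write. */
static size_t unchecked_overrun(const char *buf, size_t size, const char *suffix)
{
    size_t end = strlen(buf) + strlen(suffix) + 1;
    return end > size ? end - size : 0;
}

/* Simplified model of a content dump: a name, then a two-character tail.
 * Returns 1 if everything fit, 0 if the output was cut short. */
static int dump_model(char *buf, size_t size, const char *name, const char *tail)
{
    if (size == 0)
        return 0;
    buf[0] = '\0';
    return append_checked(buf, size, name) && append_checked(buf, size, tail);
}

int main(void)
{
    char buf[8];                   /* constructed sample: tiny on purpose */
    int ok = dump_model(buf, sizeof buf, "abcdef", ")*");

    printf("fit=%d buf=\"%s\" unchecked overrun=%zu byte(s)\n",
           ok, buf, unchecked_overrun(buf, sizeof buf, ")*"));
    return 0;
}
```

The name fits in the buffer, but the two-character tail does not: the checked append refuses it, while an unchecked strcat at that point would write one byte past the end.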
Created libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1452550]

Created mingw-libxml2 tracking bugs for this issue:
Affects: fedora-all [bug 1452551]
Statement: This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.
Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/commit/932cc9896ab