libxml2 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2 to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398. References: http://seclists.org/oss-sec/2017/q2/258
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1452550]
Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1452551]
oss-security report suggests this is the same as CVE-2017-9050, as exactly the same patch is proposed and the stack trace passes through the same function chain.
Upstream patch: https://gitlab.gnome.org/GNOME/libxml2/commit/45752d2c3