Daniel Berrange discovered that libxml2 would incorrectly perform entity substitution even when requested not to. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause resource consumption, resulting in a denial of service.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-dbg" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-dev" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-doc" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-udeb" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-utils" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "libxml2-utils-dbg" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "python-libxml2" }, { "binary_version": "2.9.1+dfsg1-3ubuntu4.1", "binary_name": "python-libxml2-dbg" } ] }