CVE-2016-3705 (severity: important). SUSE lists 132 source package names (libxml2, libxml2-2, …) and 298 product×package rows across 75 product lines (HPE Helion OpenStack 8, SUSE Liberty Linux 7, …): 218 Fixed, 80 Known Not Affected.
The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions in parser.c in libxml2 2.9.3 do not properly keep track of the recursion depth, which allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.