Simon Lees

Researcher from SUSE
#32888 of 53,630
7.8 Total CVSS
Vulnerabilities · 1
PT-2016-3268
7.8
2016-03-12
Xmlsoft · Libxml2 · CVE-2016-3705
**Name of the Vulnerable Software and Affected Versions**

libxml2 version 2.9.3

**Description**

The issue is related to the `xmlParserEntityCheck` and `xmlParseAttValueComplex` functions in the parser.c file of the libxml2 library. These functions do not properly track the recursion depth, allowing context-dependent attackers to cause a denial of service (stack consumption and application crash) via a crafted XML document containing a large number of nested entity references.

**Recommendations**

For libxml2 version 2.9.3, consider updating to a newer version that addresses this issue, as the current version does not properly handle recursion depth in the `xmlParserEntityCheck` and `xmlParseAttValueComplex` functions. As a temporary workaround, consider restricting the use of these functions or limiting the complexity of XML documents to minimize the risk of exploitation.