libxml2 < 2.9.3 - Heap-Based Buffer Overflow via Unclosed HTML Comment
The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML comment.