parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a "%" character in a DTD name. Fixed In Version libxml2 2.9.5