CVSS: 5.0EPSS: 1%CPEs: 13EXPL: 0CVE-2015-7497 – libxml2: Heap-based buffer overflow in xmlDictComputeFastQKey
https://notcve.org/view.php?id=CVE-2015-7497
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Desbordamiento de buffer basado en memoria dinámica en la función xmlDictComputeFastQKey en dict.c en libxml2 en versiones anteriores a 2.9.3 permite a atacantes dependientes del contexto causar una denegación de servicio a través de vectores no especificados. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. • http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat.com/errata/RHSA-2015-2549.html http://rhn.redhat.com/errata/RHSA-2015-2550.html http://rhn.redhat.com/errata/RHSA-2016-1089.html http://www.debian.org/security/2015/dsa-3430 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 2CVE-2015-7942 – libxml2: heap-based buffer overflow in xmlParseConditionalSections()
https://notcve.org/view.php?id=CVE-2015-7942
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. La función xmlParseConditionalSections en parser.c en libxml2 no omite adecuadamente las entidades intermediarias cuando se detiene el análisis de entrada no válida, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (lectura fuera de rango y caída) a través de datos XML manipulados, una vulnerabilidad diferente a CVE-2015-7941. A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html http://lists.opensuse.org/opensuse-updates/2015- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-7941 – libxml2: Out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2015-7941
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. libxml2 2.9.2 no detiene adecuadamente el análisis de entrada no válido, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (lectura fuera de rango y caída de libxml2) a través de datos XML manipulados en la función (1) xmlParseEntityDecl o (2) xmlParseConditionalSections en parser.c, según lo demostrado por entidades non-terminated. A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash. • http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html http://marc.info/?l=bugtraq&m=145382616617563&w=2 http://rhn.redhat.com/errata/RHSA-2015-2549.html http://rhn.redhat.com/errata/RHSA-2015-2550.html http://rhn.redhat.com/errata/RHSA-2016-1089&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •