CVE-2015-7941
libxml2: Out-of-bounds memory access
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
libxml2 2.9.2 no detiene adecuadamente el análisis de entrada no válido, lo que permite a atacantes dependientes del contexto causar una denegación de servicio (lectura fuera de rango y caída de libxml2) a través de datos XML manipulados en la función (1) xmlParseEntityDecl o (2) xmlParseConditionalSections en parser.c, según lo demostrado por entidades non-terminated.
A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-22 CVE Reserved
- 2015-11-17 CVE Published
- 2023-07-06 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: Out-of-bounds Read
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/10/22/5 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2015/10/22/8 | Mailing List |
|
| http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html | X_refsource_confirm |
|
| http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | X_refsource_confirm |
|
| http://www.securityfocus.com/bid/74241 | Vdb Entry | |
| http://www.securitytracker.com/id/1034243 | Vdb Entry | |
| http://xmlsoft.org/news.html | X_refsource_confirm | |
| https://bugzilla.gnome.org/show_bug.cgi?id=744980 | X_refsource_confirm | |
| https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 | X_refsource_confirm | |
| https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 | X_refsource_confirm | |
| https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 15.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "15.04" | - |
Affected
| ||||||
| Xmlsoft Search vendor "Xmlsoft" | Libxml2 Search vendor "Xmlsoft" for product "Libxml2" | 2.9.2 Search vendor "Xmlsoft" for product "Libxml2" and version "2.9.2" | - |
Affected
| ||||||