4.3
CVE-2015-7941
- EPSS 3.07%
- Veröffentlicht 18.11.2015 16:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version12.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version15.04
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.07% | 0.859 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://xmlsoft.org/news.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-2550.html
http://www.debian.org/security/2015/dsa-3430
http://www.securitytracker.com/id/1034243
http://www.ubuntu.com/usn/USN-2812-1
https://security.gentoo.org/glsa/201701-37
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html
http://marc.info/?l=bugtraq&m=145382616617563&w=2
http://rhn.redhat.com/errata/RHSA-2015-2549.html
http://www.openwall.com/lists/oss-security/2015/10/22/5
http://www.openwall.com/lists/oss-security/2015/10/22/8
http://www.securityfocus.com/bid/74241
https://bugzilla.gnome.org/show_bug.cgi?id=744980
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172