CVE-2015-8035

Exploit

EPSS 1.05%
Published 18.11.2015 16:59:09
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Affected products Warnungen 0 Metrics 2 CWE 0 References 28

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Xmlsoft ≫ Libxml2 Version2.9.1

Apple ≫ iPhone OS Version <= 9.2.1

Apple ≫ macOS X Version <= 10.11.3

Apple ≫ tvOS Version <= 9.1

Apple ≫ watchOS Version <= 2.1

Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.05%	0.766

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.6	4.9	2.9	AV:N/AC:H/Au:N/C:N/I:N/A:P

http://xmlsoft.org/news.html

Vendor Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

https://support.apple.com/HT206167

http://rhn.redhat.com/errata/RHSA-2016-1089.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

http://www.debian.org/security/2015/dsa-3430

http://www.securitytracker.com/id/1034243

http://www.ubuntu.com/usn/USN-2812-1

https://security.gentoo.org/glsa/201701-37

https://support.apple.com/HT206166

https://support.apple.com/HT206168

https://support.apple.com/HT206169

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html

http://www.openwall.com/lists/oss-security/2015/11/02/2

http://www.openwall.com/lists/oss-security/2015/11/02/4

http://www.openwall.com/lists/oss-security/2015/11/03/1

http://www.securityfocus.com/bid/77390

https://bugzilla.gnome.org/show_bug.cgi?id=757466

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2015-8035

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8035

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8035

EUVD