CVE-2015-1283
published 2015-07-23CVE-2015-1283: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | expat | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | expat | < expat 2.1.0-7 (bookworm) | expat 2.1.0-7 (bookworm) |
| debian | libxmltok | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | libxmltok | < expat 2.1.0-7 (bookworm) | expat 2.1.0-7 (bookworm) |
| android | — | — | |
| chrome | <= 43.0.2357.134 | — | |
| libexpat_project | libexpat | <= 2.1.0 | — |
| libexpat_project | libexpat | <= 2.1.1 | — |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| mozilla | firefox | <= 37.0.2 | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv6.8MEDIUM