CVE-2015-7499

CWE-119Buffer OverflowCWE-122Heap-based Buffer Overflow34 documents9 sources
Severity
5.0MEDIUM
EPSS
1.6%
top 18.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Apple Iphone OSApple MAC OS XApple Tvos+12 more
Timeline
PublishedDec 15
Latest updateSep 17

Description

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages16 packages

Debianlibxml2< 2.9.3+dfsg1-1+3
Ubuntulibxml2< 2.9.1+dfsg1-3ubuntu4.6
NVDxmlsoft/libxml22.9.2
RubyGemsnokogiri1.6.01.6.7.2
NVDapple/tvos9.1

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

Patches

Patch: git.gnome.orgPatch: git.gnome.orgPatch: git.gnome.org

🔴Vulnerability Details

5
GHSA
Heap-based buffer overflow in nokogiri2018-09-17
OSV
Heap-based buffer overflow in nokogiri2018-09-17
CVEList
CVE-2015-7499: Heap-based buffer overflow in the xmlGROW function in parser2015-12-15
OSV
CVE-2015-7499: Heap-based buffer overflow in the xmlGROW function in parser2015-12-15
OSV
libxml2 vulnerabilities2015-12-14

📋Vendor Advisories

27
Ubuntu
libxml2 vulnerabilities2016-01-19
Ubuntu
libxml2 vulnerabilities2015-12-14
Red Hat
libxml2: Heap-based buffer overflow in xmlGROW2015-12-01
Debian
CVE-2015-7499: libxml2 - Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before...2015
Apple
CVE-2016-1761: OS X El Capitan v10.11.4 and Security Update 2016-002

💬Community

1
Bugzilla
CVE-2015-7499 libxml2: Heap-based buffer overflow in xmlGROW2015-11-13
CVE-2015-7499 (MEDIUM CVSS 5) | Heap-based buffer overflow in the x | cvebase.io