CVE-2015-7941
published 2015-11-18


Priority: P4 21 medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
EPSS: 3.07% (86.0th percentile)
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

Affected

24 ranges
Vendor    | Product                  | Version range                                    | Fixed in
----------|--------------------------|--------------------------------------------------|------------------------------------------
apple     | iphone_os                | <= 9.2.1                                         |
apple     | mac_os_x                 | <= 10.11.3                                       |
apple     | tvos                     | <= 9.1                                           |
apple     | watchos                  | <= 2.1                                           |
canonical | ubuntu_linux             |                                                  |
canonical | ubuntu_linux             |                                                  |
canonical | ubuntu_linux             |                                                  |
canonical | ubuntu_linux             |                                                  |
debian    | debian_linux             |                                                  |
debian    | debian_linux             |                                                  |
debian    | libxml2                  | < libxml2 2.9.3+dfsg1-1 (bookworm)               | libxml2 2.9.3+dfsg1-1 (bookworm)
debian    | libxml2                  | < libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bookworm) | libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bookworm)
hp        | icewall_federation_agent |                                                  |
hp        | icewall_file_manager     |                                                  |
xmlsoft   | libxml2                  |                                                  |
xmlsoft   | libxml2                  | >= 0 < 2.9.3+dfsg1-1                             | 2.9.3+dfsg1-1
xmlsoft   | libxml2                  | >= 0 < 2.9.2+really2.9.1+dfsg1-0.1               | 2.9.2+really2.9.1+dfsg1-0.1
xmlsoft   | libxml2                  | >= 0 < 2.9.3+dfsg1-1                             | 2.9.3+dfsg1-1
xmlsoft   | libxml2                  | >= 0 < 2.9.2+really2.9.1+dfsg1-0.1               | 2.9.2+really2.9.1+dfsg1-0.1
xmlsoft   | libxml2                  | >= 0 < 2.9.3+dfsg1-1                             | 2.9.3+dfsg1-1
xmlsoft   | libxml2                  | >= 0 < 2.9.2+really2.9.1+dfsg1-0.1               | 2.9.2+really2.9.1+dfsg1-0.1
xmlsoft   | libxml2                  | >= 0 < 2.9.3+dfsg1-1                             | 2.9.3+dfsg1-1
xmlsoft   | libxml2                  | >= 0 < 2.9.2+really2.9.1+dfsg1-0.1               | 2.9.2+really2.9.1+dfsg1-0.1
xmlsoft   | libxml2                  | >= 0 < 2.9.1+dfsg1-3ubuntu4.5                    | 2.9.1+dfsg1-3ubuntu4.5

CVSS provenance

Source        | Version | Score | Severity | Vector
--------------|---------|-------|----------|-----------------------------
nvd           | v2.0    | 4.3   | MEDIUM   | AV:N/AC:M/Au:N/C:N/I:N/A:P
osv           |         | 5.0   | MEDIUM   |
vendor_ubuntu |         | 5.0   | MEDIUM   |
vendor_debian |         | 4.3   | MEDIUM   |
vendor_redhat |         | 4.3   | MEDIUM   |