Description: libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

CVSS vector: AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9
Confidentiality: None
Integrity: None

Affected Packages
Debian libxml2 < 2.9.2+really2.9.1+dfsg1-0.1
Also affects: Ubuntu Linux 12.04, 14.04, 15.04

Vulnerability Details
GHSA (2022-05-17): GHSA-v48g-p9p2-j8cr: libxml2 2
CVEList (2015-11-18): CVE-2015-7941: libxml2 2
OSV (2015-11-18): CVE-2015-7941: libxml2 2
OSV (2015-11-16): libxml2 vulnerabilities

Vendor Advisories
Ubuntu (2015-11-16): libxml2 vulnerabilities
Red Hat (2015-10-22): libxml2: heap-based buffer overflow in xmlParseConditionalSections()
Red Hat (2015-02-22): libxml2: Out-of-bounds memory access
Debian (2015): CVE-2015-7941: libxml2 - libxml2 2.9.2 does not properly stop parsing invalid input, which allows context...

Community
Bugzilla (2015-11-13): libxml2: Multiple out-of-bounds reads in xmlDictComputeFastKey.isra.2 and xmlDictAddString.isra.O
Bugzilla (2015-10-22): CVE-2015-7941 libxml2: Out-of-bounds memory access [fedora-all]
Bugzilla (2015-10-22): CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [fedora-all]
Bugzilla (2015-10-22): CVE-2015-7941 mingw-libxml2: libxml2: Out-of-bounds memory access [epel-7]
Bugzilla (2015-10-22): CVE-2015-7941 libxml2: Out-of-bounds memory access