CVE-2015-7942
published 2015-11-18CVE-2015-7942: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows…
medium6.8CVSS 3.1
AVNACMAuNCPIPAP
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | iphone_os | <= 9.2.1 | — |
| apple | mac_os_x | <= 10.11.3 | — |
| apple | os_x_el_capitan_v10.11.4_and_security_update_2016-002 | — | — |
| apple | tvos | <= 9.1 | — |
| apple | tvos | — | — |
| apple | watchos | <= 2.1 | — |
| apple | watchos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.3+dfsg1-1 (bookworm) | libxml2 2.9.3+dfsg1-1 (bookworm) |
| hp | icewall_federation_agent | — | — |
| hp | icewall_file_manager | — | — |
| xmlsoft | libxml2 | — | — |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.3+dfsg1-1 | 2.9.3+dfsg1-1 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.5 | 2.9.1+dfsg1-3ubuntu4.5 |
CVSS provenance
nvd6.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv5.0MEDIUM