CVE-2015-7942
Severity
6.8 MEDIUM
EPSS
1.5%
top 19.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 18
Latest update: May 14
Description
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
CVSS vector
AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4
Affected Packages: 8 packages
Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10
Vulnerability Details (3)
Vendor Advisories (7)
Debian
CVE-2015-7942: libxml2 - The xmlParseConditionalSections function in parser.c in libxml2 does not properl... (2015)
Community (5)
Bugzilla
CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] (2015-10-29)
Bugzilla
CVE-2015-7942 mingw-libxml2: libxml2: heap-based buffer overflow in xmlParseConditionalSections() [epel-7] (2015-10-29)
Bugzilla
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() [fedora-all] (2015-10-29)