CVE-2015-7995

CWE-587 CWE-84316 documents10 sources

Severity

5.0MEDIUM

EPSS

1.4%

top 19.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Iphone OS Apple MAC OS X Apple Tvos +2 more

Timeline

PublishedNov 17

Latest updateMay 14

Description

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages6 packages

▶Debianlibxslt< 1.1.28-2.1+3

▶NVDxmlsoft/libxslt1.1.28

▶NVDapple/tvos9.1

▶NVDapple/watchos2.1

▶NVDapple/mac_os_x10.11.2

🔴Vulnerability Details

GHSA

GHSA-57m4-4wjx-3w7c: The xsltStylePreCompute function in preproc↗2022-05-14

▶

CVEList

CVE-2015-7995: The xsltStylePreCompute function in preproc↗2015-11-17

▶

OSV

CVE-2015-7995: The xsltStylePreCompute function in preproc↗2015-11-17

▶

📋Vendor Advisories

Android

CVE-2015-7995: Android Security Bulletin 2017-06-01 CVE: CVE-2015-7995 Severity: MEDIUM Type: ID Affected AOSP versions: 4↗2017-06-01

▶

Ubuntu

Libxslt vulnerabilities↗2017-04-28

▶

Red Hat

libxslt: Type confusion may cause DoS↗2015-08-26

▶

Debian

CVE-2015-7995: libxslt - The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check i...↗2015

▶

Apple

CVE-2015-7995: Apple TV 7.2.1↗

▶

💬Community

Bugzilla

CVE-2015-7995 libxslt: Type confusion may cause DoS [fedora-all]↗2015-08-28

▶

Bugzilla

CVE-2015-7995 mingw-libxslt: libxslt: Type confusion may cause DoS [epel-7]↗2015-08-28

▶

Bugzilla

CVE-2015-7995 libxslt: Type confusion may cause DoS↗2015-08-28

▶