CVE-2015-8035
Severity
2.6 LOW
EPSS
1.1%
top 21.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 18
Latest update: May 14
Description
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVSS vector
AV:N/AC:H/C:N/I:N/A:P
Exploitability: 4.9 | Impact: 2.9
Affected Packages: 6 packages
Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 14.04
Vulnerability Details (3)
Vendor Advisories (9)
Red Hat
Debian
CVE-2015-8035: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect comp... (2015)
Community (6)
Bugzilla
CVE-2018-14567 libxml2: Infinite loop caused by incorrect error detection during LZMA decompression (2018-08-22)
Bugzilla
CVE-2015-8035 mingw-libxml2: libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [epel-7] (2015-11-02)
Bugzilla
Bugzilla
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [fedora-all] (2015-11-02)