CVE-2015-8241

CWE-119 — Buffer Overflow CWE-125 — Out-of-bounds Read10 documents8 sources

Severity

6.4MEDIUM

EPSS

1.0%

top 23.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlsoft Libxml2 Canonical Ubuntu Linux Debian Debian Linux +6 more

Timeline

PublishedDec 15

Latest updateMay 17

Description

The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages8 packages

▶Debianlibxml2< 2.9.3+dfsg1-1+3

▶NVDxmlsoft/libxml22.9.2

▶NVDhp/icewall_file_manager3.0

▶NVDhp/icewall_federation_agent3.0

▶NVDredhat/enterprise_linux_server6.0

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-54c8-wpg2-cf22: The xmlNextChar function in libxml2 2↗2022-05-17

▶

CVEList

CVE-2015-8241: The xmlNextChar function in libxml2 2↗2015-12-15

▶

OSV

CVE-2015-8241: The xmlNextChar function in libxml2 2↗2015-12-15

▶

OSV

libxml2 vulnerabilities↗2015-12-14

▶

📋Vendor Advisories

Ubuntu

libxml2 vulnerabilities↗2015-12-14

▶

Red Hat

libxml2: Buffer overread with XML parser in xmlNextChar↗2015-10-08

▶

Debian

CVE-2015-8241: libxml2 - The xmlNextChar function in libxml2 2.9.2 does not properly check the state, whi...↗2015

▶

💬Community

Bugzilla

CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar↗2015-11-13

▶

Bugzilla

CVE-2014-8241 tigervnc: NULL pointer dereference flaw in XRegion↗2014-10-10

▶