CVE-2015-8317
published 2015-12-15CVE-2015-8317: The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated…
medium5CVSS 3.1
AVNACLAuNCPINAN
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | icloud_for_windows | — | — |
| apple | ios | — | — |
| apple | itunes_12.4.2_for_windows | — | — |
| apple | os_x_el_capitan_v10.11.6_and_security_update_2016-004 | — | — |
| apple | tvos | — | — |
| apple | watchos | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libxml2 | < libxml2 2.9.2+zdfsg1-4 (bookworm) | libxml2 2.9.2+zdfsg1-4 (bookworm) |
| hp | icewall_federation_agent | — | — |
| hp | icewall_file_manager | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_hpc_node | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| xmlsoft | libxml2 | <= 2.9.2 | — |
| xmlsoft | libxml2 | >= 0 < 2.9.2+zdfsg1-4 | 2.9.2+zdfsg1-4 |
| xmlsoft | libxml2 | >= 0 < 2.9.2+zdfsg1-4 | 2.9.2+zdfsg1-4 |
| xmlsoft | libxml2 | >= 0 < 2.9.2+zdfsg1-4 | 2.9.2+zdfsg1-4 |
| xmlsoft | libxml2 | >= 0 < 2.9.2+zdfsg1-4 | 2.9.2+zdfsg1-4 |
| xmlsoft | libxml2 | >= 0 < 2.9.1+dfsg1-3ubuntu4.6 | 2.9.1+dfsg1-3ubuntu4.6 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.1HIGH