Debian Libxml2 vulnerabilities

CVE-2015-8806 [HIGH] CVE-2015-8806: libxml2 - dict.c in libxml2 allows remote attackers to cause a denial of service (heap-bas... dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1.1) bullseye: resolved (fixed in 2.9.3+dfsg1-1.1) forky: resolved (fixed in 2.9.3+dfsg1

CVE-2015-7942 [MEDIUM] CVE-2015-7942: libxml2 - The xmlParseConditionalSections function in parser.c in libxml2 does not properl... The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1

CVE-2015-8242 [MEDIUM] CVE-2015-8242: libxml2 - The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser ... The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+d

CVE-2015-7497 [MEDIUM] CVE-2015-7497: libxml2 - Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in l... Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (fixed in 2.9.3+dfsg1-1) sid: resolved (fixed in 2.9.3+dfsg1-1

CVE-2015-7500 [MEDIUM] CVE-2015-7500: libxml2 - The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dep... The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (fixed in 2.9.3+df

CVE-2015-8241 [MEDIUM] CVE-2015-8241: libxml2 - The xmlNextChar function in libxml2 2.9.2 does not properly check the state, whi... The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolve

CVE-2015-5312 [MEDIUM] CVE-2015-5312: libxml2 - The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does... The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+

CVE-2015-8317 [MEDIUM] CVE-2015-8317: libxml2 - The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-... The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read. Scope: local bookworm: resolved (fixed in 2.9.2+zdfsg1-4) bullseye: resolved (fixed in 2.9.2+zdfsg1-4) fork

CVE-2015-7499 [MEDIUM] CVE-2015-7499: libxml2 - Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before... Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (fixed in 2.9.3+dfsg1-1) sid: resolved (fixed in 2.9.3+df

CVE-2015-7941 [MEDIUM] CVE-2015-7941: libxml2 - libxml2 2.9.2 does not properly stop parsing invalid input, which allows context... libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. Scope: local bookworm: resolved (fixed in 2.9.2

CVE-2015-7498 [MEDIUM] CVE-2015-7498: libxml2 - Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml... Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (

CVE-2015-8035 [LOW] CVE-2015-8035: libxml2 - The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect comp... The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. Scope: local bookworm: resolved (fixed in 2.9.3+dfsg1-1) bullseye: resolved (fixed in 2.9.3+dfsg1-1) forky: resolved (fixed in 2.9.3+dfsg1-1) sid: resolved (fixed in 2.

CVE-2015-1819 [MEDIUM] CVE-2015-1819: libxml2 - The xmlreader in libxml allows remote attackers to cause a denial of service (me... The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack. Scope: local bookworm: resolved (fixed in 2.9.2+really2.9.1+dfsg1-0.1) bullseye: resolved (fixed in 2.9.2+really2.9.1+dfsg1-0.1) forky: resolved (fixed in 2.9.2+really2.9.1+dfsg1-0.1) sid: resolved (

CVE-2014-3660 [MEDIUM] CVE-2014-3660: libxml2 - parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even... parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack. Scope: local bookworm: resolved

CVE-2014-0191 [MEDIUM] CVE-2014-0191: libxml2 - The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as ... The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (

CVE-2013-0339 [MEDIUM] CVE-2013-0339: libxml2 - libxml2 through 2.9.1 does not properly handle external entities expansion unles... libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML Exter

CVE-2013-0338 [MEDIUM] CVE-2013-0338: libxml2 - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial o... libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka "internal entity expansion" with linear complexity. Scope: local bookworm: resolved (fixed in 2.8.0+dfsg1-7+nmu1) bullseye: resolved

CVE-2013-2877 [MEDIUM] CVE-2013-2877: libxml2 - parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 a... parser.c in libxml2 before 2.9.0, as used in Google Chrome before 28.0.1500.71 and other products, allows remote attackers to cause a denial of service (out-of-bounds read) via a document that ends abruptly, related to the lack of certain checks for the XML_PARSER_EOF state. Scope: local bookworm: resolved (fixed in 2.9.1+dfsg1-1) bullseye: resolved (fixed in 2.9.1+

CVE-2013-1969 [HIGH] CVE-2013-1969: libxml2 - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other vers... Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to the (1) htmlParseChunk and (2) xmldecl_done functions, as demonstrated by a buffer overflow in the xmlBufGetInputBase function. Scope: local bookworm

CVE-2012-0841 [MEDIUM] CVE-2012-0841: libxml2 - libxml2 before 2.8.0 computes hash values without restricting the ability to tri... libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data. Scope: local bookworm: resolved (fixed in 2.7.8.dfsg-8) bullseye: resolved (fixed in 2.7.8.dfsg-8) forky: resolved (fixed in 2.7.8.dfsg-8) sid: