PT-2015-2751 · Libxml2+6 · Libxml2+6

Michal Zalewski

Publicado

2015-10-23

Atualizado

2026-03-13

CVE-2015-7941

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions libxml2 version 2.9.2

Description The issue is caused by improper handling of invalid input, allowing context-dependent attackers to cause a denial of service via crafted XML data. This can lead to an out-of-bounds read and a crash in libxml2. The xmlParseEntityDecl and xmlParseConditionalSections functions in parser.c are affected.

Recommendations For libxml2 version 2.9.2, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict the use of the xmlParseEntityDecl and xmlParseConditionalSections functions in parser.c to minimize the risk of exploitation. Avoid using crafted XML data that could trigger the denial of service.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-2016

BDU:2015-12116

CESA-2015_2549

CESA-2015_2550

CVE-2015-7941

DLA-266-1

DSA-3430-1

OPENSUSE-SU-2024:10192-1

OPENSUSE-SU-2024:10549-1

OPENSUSE-SU-2024:11340-1

OPENSUSE-SU-2024:11912-1

OPENSUSE-SU-2024:13165-1

OPENSUSE-SU-2024:14174-1

OPENSUSE-SU-2025:14697-1

OPENSUSE-SU-2026:10356-1

RHSA-2015:2549

RHSA-2015:2550

RHSA-2015_2549

RHSA-2015_2550

SUSE-SU-2016:0030-1

SUSE-SU-2016:0049-1

SUSE-SU-2016:0786-1

USN-2812-1

Produtos afetados

Alt Linux

Centos

Ibm Aix

Red Hat

Suse

Ubuntu

Libxml2

PT-2015-2751 · Libxml2+6 · Libxml2+6

CVE-2015-7941

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 128