PT-2015-2754 · Xmlsoft+4 · Libxml2+4

Gustavo.Grieco · Published 2015-11-02 · Updated 2026-03-13 · CVE-2015-8035

CVSS v2.0: 2.6 (Low)

Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

libxml2 version 2.9.1

Description

The xz_decomp function in xzlib.c does not properly handle compression errors. An attacker who supplies crafted XML data can cause a denial of service in the form of a process hang. The vulnerability is also associated with resource management errors.

Recommendations

For libxml2 version 2.9.1, consider updating to a newer version that addresses the issue with the xz_decomp function. As a temporary workaround, restrict the processing of untrusted XML data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS


Weakness Enumeration

Related identifiers

BDU:2015-12119
CESA-2020_1190
CVE-2015-8035
DSA-3430-1
MGASA-2015-0433
OPENSUSE-SU-2024:10192-1
OPENSUSE-SU-2024:10549-1
OPENSUSE-SU-2024:11340-1
OPENSUSE-SU-2024:11912-1
OPENSUSE-SU-2024:13165-1
OPENSUSE-SU-2024:14174-1
OPENSUSE-SU-2025:14697-1
OPENSUSE-SU-2026:10356-1
RHSA-2020:1190
RHSA-2020_1190
SUSE-SU-2016:0049-1
SUSE-SU-2016:0786-1
USN-2812-1

Affected products

CentOS
Red Hat
SUSE
Ubuntu
Libxml2