PT-2015-3255 · Xmlsoft+5 · Libxml2+5

Kostya Serebryany

Publicado

2015-11-20

Atualizado

2026-03-13

CVE-2015-7499

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.3

Description The issue is a heap-based buffer overflow in the xmlGROW function in parser.c in libxml2. This allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.

Recommendations For versions prior to 2.9.3, update to version 2.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the xmlGROW function in parser.c to minimize the risk of exploitation. Avoid processing untrusted or specially crafted XML or HTML files with libxml2 until the issue is resolved.

Exploit

Correção

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2015-2016

BDU:2016-01644

CESA-2015_2549

CESA-2015_2550

CVE-2015-7499

DLA-373-1

DSA-3430-1

GHSA-JXJR-5H69-QW3W

MGASA-2015-0457

OPENSUSE-SU-2024:10192-1

OPENSUSE-SU-2024:10549-1

OPENSUSE-SU-2024:11340-1

OPENSUSE-SU-2024:11912-1

OPENSUSE-SU-2024:13165-1

OPENSUSE-SU-2024:14174-1

OPENSUSE-SU-2025:14697-1

OPENSUSE-SU-2026:10356-1

RHSA-2015:2549

RHSA-2015:2550

RHSA-2015_2549

RHSA-2015_2550

SUSE-SU-2016:0030-1

SUSE-SU-2016:0049-1

SUSE-SU-2016:0786-1

USN-2834-1

USN-2875-1

Produtos afetados

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxml2

PT-2015-3255 · Xmlsoft+5 · Libxml2+5

CVE-2015-7499

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 152