CVE-2015-8035

Severity

26%

Complexity

49%

Confidentiality

48%

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

CVSS 2.0 Base Score 2.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:N/I:N/A:P).

Overview

First reported 9 years ago

2015-11-18 16:59:00

Last updated 5 years ago

2019-03-08 16:06:00

Affected Software

Debian Linux 7.0

7.0

Debian Linux 8.0 (Jessie)

8.0

XMLSoft Libxml2 2.9.1

2.9.1

Apple Mac OS X

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

References

APPLE-SA-2016-03-21-1

APPLE-SA-2016-03-21-2

APPLE-SA-2016-03-21-3

APPLE-SA-2016-03-21-5

FEDORA-2016-189a7bf68c

FEDORA-2016-a9ee80b01d

openSUSE-SU-2015:2372

openSUSE-SU-2016:0106

RHSA-2016:1089

DSA-3430

[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled

[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled

[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled

77390

1034243

USN-2812-1

http://xmlsoft.org/news.html

Vendor Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=757466

Exploit

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

GLSA-201701-37

https://support.apple.com/HT206166

https://support.apple.com/HT206167

https://support.apple.com/HT206168

https://support.apple.com/HT206169

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.