Heap-based Buffer Overflow in libxml2 Affects Various Distributions
CVE-2015-7498

Currently unrated

Key Information:

Vendor: HP
Status: Icewall File Manager; Icewall Federation Agent
Vendor: CVE Published:; 15 December 2015

Summary

The vulnerability in libxml2 prior to version 2.9.3 allows attackers to exploit a heap-based buffer overflow in the xmlParseXmlDecl function. This can lead to denial of service conditions due to unspecified vectors associated with extracting errors after encoding conversion failures, potentially impacting systems that depend on XML parsing functionality.

References

http://rhn.redhat.com/errata/RHSA-2015-2550.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-updates/2016-01/msg000...

vendor-advisoryx_refsource_SUSE

https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f...

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 15, 2015
Vulnerability Reserved
Sep 29, 2015