Out-of-Bounds Read Vulnerability in Libxml2 by GNOME
CVE-2023-39615

6.5MEDIUM

Key Information:

Vendor: Xmlsoft
Status: Libxml2
Vendor: CVE Published:; 29 August 2023

What is CVE-2023-39615?

An out-of-bounds read vulnerability exists within Libxml2, specifically in the xmlSAX2StartElement() function. This flaw permits attackers to trigger a Denial of Service (DoS) by providing a specially crafted XML file. It is important to note that despite the vendor's stance that the legacy SAX1 interface with custom callbacks is unsupported, crashes can occur even without any tailored input.

References

https://gitlab.gnome.org/GNOME/libxml2/-/issues/535

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2023
Vulnerability Reserved
Aug 7, 2023

Xmlsoft

What is CVE-2023-39615?

References

CVSS V3.1

Timeline