Debian Long Term Support / LTS Security Information / 2015 / Security Information -- DLA-373-1 libxml2

Debian Security Advisory

DLA-373-1 libxml2 -- LTS security update

Date Reported:

26 Dec 2015

Affected Packages:

libxml2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500.

More information:

Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.

• CVE-2015-5312

  CPU exhaustion when processing specially crafted XML input.

• CVE-2015-7497

  Heap-based buffer overflow in xmlDictComputeFastQKey.

• CVE-2015-7498

  Heap-based buffer overflow in xmlParseXmlDecl.

• CVE-2015-7499

  Heap-based buffer overflow in xmlGROW.

• CVE-2015-7500

  Heap buffer overflow in xmlParseMisc.