Debian Security Advisory
DLA-373-1 libxml2 -- LTS security update
- Date Reported:
- 26 Dec 2015
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500.
- More information:
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
CPU exhaustion when processing specially crafted XML input.
Heap-based buffer overflow in xmlDictComputeFastQKey.
Heap-based buffer overflow in xmlParseXmlDecl.
Heap-based buffer overflow in xmlGROW.
Heap buffer overflow in xmlParseMisc.