Debian Security Advisory
DLA-373-1 libxml2 -- LTS security update
- Date Reported:
- 26 Dec 2015
- Affected Packages:
- libxml2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2015-5312, CVE-2015-7497, CVE-2015-7498, CVE-2015-7499, CVE-2015-7500.
- More information:
-
Several vulnerabilities were discovered in libxml2, a library providing support to read, modify and write XML and HTML files. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU, leak potentially sensitive information, or crash the application.
- CVE-2015-5312
CPU exhaustion when processing specially crafted XML input.
- CVE-2015-7497
Heap-based buffer overflow in xmlDictComputeFastQKey.
- CVE-2015-7498
Heap-based buffer overflow in xmlParseXmlDecl.
- CVE-2015-7499
Heap-based buffer overflow in xmlGROW.
- CVE-2015-7500
Heap buffer overflow in xmlParseMisc.
- CVE-2015-5312