- Severity: 7
- Published: December 15, 2015
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- Severity: 7
- Published: November 18, 2015
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
- Severity: 7
- Published: November 18, 2015
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
- Severity: 7
- Published: November 18, 2015
The libxml2 library is a development toolbox providing the implementationof various XML standards.Several denial of service flaws were found in libxml2, a library providingsupport for reading, modifying, and writing XML and HTML files. A remoteattacker could provide a specially crafted XML or HTML file that, whenprocessed by an applicati...
- Severity: 7
- Published: November 18, 2015
The libxml2 library is a development toolbox providing the implementationof various XML standards.Several denial of service flaws were found in libxml2, a library providingsupport for reading, modifying, and writing XML and HTML files. A remoteattacker could provide a specially crafted XML or HTML file that, whenprocessed by an applicati...
- Severity: 7
- Published: November 18, 2015
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- Severity: 7
- Published: November 18, 2015
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
- Severity: 7
- Published: November 18, 2015
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
- Severity: 7
- Published: November 18, 2015
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
- Severity: 7
- Published: November 18, 2015
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.