VDB

GCVE-110-MAGEIA-2015-457

GCVE-110-MAGEIA-2015-457
Advisory Published
Vulnetix · Advisory published November 26, 2015
Updated libxml2 packages fix security vulnerabilities: In libxml2 before 2.9.3, one case where when dealing with entities expansion, it failed to exit, leading to a denial of service (CVE-2015-5312). In libxml2 before 2.9.3, it was possible to hit a negative offset in the name indexing used to randomize the dictionary key generation, causing a heap buffer overflow in xmlDictComputeFastQKey (CVE-2015-7497). In libxml2 before 2.9.3, after encoding conversion failures, the parser was continuing to process to extract more errors, which can potentially lead to unexpected behaviour (CVE-2015-7498). In libxml2 before 2.9.3, the parser failed to detect a case where the current pointer to the input was out of range, leaving it in an incoherent state (CVE-2015-7499). In libxml2 before 2.9.3, a memory access error could happen while processing a start tag due to incorrect entities boundaries (CVE-2015-7500). In libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra processing of MarkupDecl after EOF has been reached (CVE-2015-8241). In libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push mode (CVE-2015-8242). In libxml2 before 2.9.3, out of bounds heap reads could happen due to failure processing the encoding declaration of the XMLDecl in xmlParseEncodingDecl (CVE-2015-8317). In libxml2 before 2.9.3, out of bounds memory access via unclosed html comment (CVE-2015-8710).

Affected Products

VendorProductVersionsPlatforms
Mageialibxml20 (affected), 2.9.3-1.mga5 (unaffected)

Browse GCVE Records

73,443 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›