VDB
GCVE-110-MAGEIA-2015-457
GCVE-110-MAGEIA-2015-457
Advisory Published
Updated libxml2 packages fix security vulnerabilities:
In libxml2 before 2.9.3, one case where when dealing with entities expansion,
it failed to exit, leading to a denial of service (CVE-2015-5312).
In libxml2 before 2.9.3, it was possible to hit a negative offset in the name
indexing used to randomize the dictionary key generation, causing a heap
buffer overflow in xmlDictComputeFastQKey (CVE-2015-7497).
In libxml2 before 2.9.3, after encoding conversion failures, the parser was
continuing to process to extract more errors, which can potentially lead to
unexpected behaviour (CVE-2015-7498).
In libxml2 before 2.9.3, the parser failed to detect a case where the current
pointer to the input was out of range, leaving it in an incoherent state
(CVE-2015-7499).
In libxml2 before 2.9.3, a memory access error could happen while processing
a start tag due to incorrect entities boundaries (CVE-2015-7500).
In libxml2 before 2.9.3, a buffer overread in xmlNextChar due to extra
processing of MarkupDecl after EOF has been reached (CVE-2015-8241).
In libxml2 before 2.9.3, stack-basedb uffer overead with HTML parser in push
mode (CVE-2015-8242).
In libxml2 before 2.9.3, out of bounds heap reads could happen due to failure
processing the encoding declaration of the XMLDecl in xmlParseEncodingDecl
(CVE-2015-8317).
In libxml2 before 2.9.3, out of bounds memory access via unclosed html
comment (CVE-2015-8710).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libxml2 | 0 (affected), 2.9.3-1.mga5 (unaffected) | — |
References
Browse GCVE Records
73,443 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.