Back to search
CVE-2015-8035
Published: Nov 18, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
APPLE-SA-2016-03-21-5
vendor-advisory
x_refsource_APPLE
openSUSE-SU-2016:0106
vendor-advisory
x_refsource_SUSE
https://support.apple.com/HT206167
x_refsource_CONFIRM
https://support.apple.com/HT206168
x_refsource_CONFIRM
DSA-3430
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20151102 CVE request: DoS in libxml2 if xz is enabled
mailing-list
x_refsource_MLIST
APPLE-SA-2016-03-21-1
vendor-advisory
x_refsource_APPLE
http://xmlsoft.org/news.html
x_refsource_CONFIRM
FEDORA-2016-a9ee80b01d
vendor-advisory
x_refsource_FEDORA
RHSA-2016:1089
vendor-advisory
x_refsource_REDHAT
APPLE-SA-2016-03-21-2
vendor-advisory
x_refsource_APPLE
1034243
vdb-entry
x_refsource_SECTRACK
USN-2812-1
vendor-advisory
x_refsource_UBUNTU
[oss-security] 20151102 Re: CVE request: DoS in libxml2 if xz is enabled
mailing-list
x_refsource_MLIST
FEDORA-2016-189a7bf68c
vendor-advisory
x_refsource_FEDORA
[oss-security] 20151103 Re: CVE request: DoS in libxml2 if xz is enabled
mailing-list
x_refsource_MLIST
GLSA-201701-37
vendor-advisory
x_refsource_GENTOO
77390
vdb-entry
x_refsource_BID
openSUSE-SU-2015:2372
vendor-advisory
x_refsource_SUSE
APPLE-SA-2016-03-21-3
vendor-advisory
x_refsource_APPLE
https://support.apple.com/HT206169
x_refsource_CONFIRM
https://support.apple.com/HT206166
x_refsource_CONFIRM
https://bugzilla.gnome.org/show_bug.cgi?id=757466
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now