CVE-2015-3451

EPSS 3.4%

libxml-libxml-perl - security update

Published: 5/12/2015Modified: 4/28/2026

Also known as:DEBIAN-CVE-2015-3451

Description

The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.

Affected packages (3)

Debian/libxml-libxml-perlfrom 0, < 2.0116+dfsg-2
Debian/libxml-libxml-perlfrom 0, < 1.70.ds-1+deb6u1
Debian/libxml-libxml-perlfrom 0, < 2.0001+dfsg-1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3451