CVE-2015-7499

Description

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

Affected packages (2)

• Debian/libxml2from 0, < 2.9.3+dfsg1-1
• RubyGems/nokogiri>= 1.6.0, < 1.6.7.2

References (18)

• ADVISORYhttps://github.com/advisories/GHSA-jxjr-5h69-qw3w
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2015-7499
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-7499
• WEBhttp://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
• WEBhttp://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
• WEBhttp://rhn.redhat.com/errata/RHSA-2015-2549.html
• WEBhttp://rhn.redhat.com/errata/RHSA-2015-2550.html
• WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1281925
• WEBhttps://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
• WEBhttps://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
• WEBhttps://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
• WEBhttps://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
• WEBhttps://security.gentoo.org/glsa/201701-37
• WEBhttps://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
• WEBhttps://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
• WEBhttp://www.debian.org/security/2015/dsa-3430
• WEBhttp://www.ubuntu.com/usn/USN-2834-1
• WEBhttp://xmlsoft.org/news.html