CVE-2015-7498: Buffer Overflow
First published: Fri Nov 13 2015(Updated: )
Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extracting errors after an encoding conversion failure.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| HP IceWall Federation Agent | =3.0 | |
| HP Icewall File Manager | =3.0 | |
| Ubuntu | =12.04 | |
| Ubuntu | =14.04 | |
| Ubuntu | =15.04 | |
| Ubuntu | =15.10 | |
| Debian | =7.0 | |
| Debian | =8.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux HPC Node | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| libxml2-devel | <=2.9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.gnome.org/show_bug.cgi?id=756527
- https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43
- https://rhn.redhat.com/errata/RHSA-2015-2549.html
- https://rhn.redhat.com/errata/RHSA-2015-2550.html
- https://rhn.redhat.com/errata/RHSA-2016-1089.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1281879
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
- http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
- http://marc.info/?l=bugtraq&m=145382616617563&w=2
- http://rhn.redhat.com/errata/RHSA-2015-2549.html
- http://rhn.redhat.com/errata/RHSA-2015-2550.html
- http://rhn.redhat.com/errata/RHSA-2016-1089.html
- http://www.debian.org/security/2015/dsa-3430
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/79548
- http://www.securitytracker.com/id/1034243
- http://www.ubuntu.com/usn/USN-2834-1
- http://xmlsoft.org/news.html
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04944172
- https://security.gentoo.org/glsa/201701-37
Frequently Asked Questions
What is the severity of CVE-2015-7498?
CVE-2015-7498 has a severity rating that could allow a denial of service due to heap-based buffer overflow.
How do I fix CVE-2015-7498?
To fix CVE-2015-7498, upgrade to libxml2 version 2.9.3 or later.
Which software is affected by CVE-2015-7498?
CVE-2015-7498 affects libxml2 versions prior to 2.9.3, as well as various software including HP IceWall Federation Agent 3.0 and Ubuntu Linux versions 12.04 to 15.10.
What type of vulnerability is CVE-2015-7498?
CVE-2015-7498 is a heap-based buffer overflow vulnerability.
Can CVE-2015-7498 be exploited remotely?
Yes, CVE-2015-7498 can potentially be exploited by context-dependent attackers through specific vectors.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7498
- agent/weakness
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/hp
- canonical/hp icewall federation agent
- version/hp icewall federation agent/3.0
- canonical/hp icewall file manager
- version/hp icewall file manager/3.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/12.04
- version/ubuntu/14.04
- version/ubuntu/15.04
- version/ubuntu/15.10
- vendor/debian
- canonical/debian
- version/debian/7.0
- version/debian/8.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/xmlsoft
- canonical/libxml2-devel
- version/libxml2-devel/2.9.2