CVE-2015-7995
First published: Fri Aug 28 2015(Updated: )
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Apple iPhone OS | <=9.2 | |
| Apple Mac OS X | <=10.11.2 | |
| Apple tvOS | <=9.1 | |
| Apple watchOS | <=2.1 | |
| Xmlsoft Libxslt | <=1.1.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.android.com/docs/security/bulletin/2017-06-01/#asterisk
- https://source.android.com/docs/security/bulletin/2017-06-01 (Advisory)
- http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
- http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html
- http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html
- http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html
- http://www.debian.org/security/2016/dsa-3605
- http://www.openwall.com/lists/oss-security/2015/10/27/10
- http://www.openwall.com/lists/oss-security/2015/10/28/4
- http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
- http://www.securityfocus.com/bid/77325
- http://www.securitytracker.com/id/1034736
- http://www.securitytracker.com/id/1038623
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546
- https://bugzilla.redhat.com/show_bug.cgi?id=1257962
- https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
- https://puppet.com/security/cve/cve-2015-7995
- https://support.apple.com/HT205729
- https://support.apple.com/HT205731
- https://support.apple.com/HT205732
- https://support.apple.com/HT206168
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257058
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1068010
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1068010&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257982
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257983
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c4
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c9
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c11
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1086465&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=1086465&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c13
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1257962#c18
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/references
- agent/author
- agent/description
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-7995
- vendor/apple
- canonical/apple iphone os
- version/apple iphone os/9.2
- canonical/apple mac os x
- version/apple mac os x/10.11.2
- canonical/apple tvos
- version/apple tvos/9.1
- canonical/apple watchos
- version/apple watchos/2.1
- vendor/xmlsoft
- canonical/xmlsoft libxslt
- version/xmlsoft libxslt/1.1.28
- vendor/google
- canonical/google android