CVE-2015-5312

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-5312

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-5312.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-5312

Aliases

GHSA-xjqg-9jvg-fgx2

Downstream

DEBIAN-CVE-2015-5312

DLA-373-1

DSA-3430-1

RHSA-2015:2549

RHSA-2015:2550

SUSE-SU-2016:0030-1

SUSE-SU-2016:0049-1

SUSE-SU-2016:0786-1

UBUNTU-CVE-2015-5312

USN-2834-1

openSUSE-SU-2024:10192-1

openSUSE-SU-2024:10549-1

openSUSE-SU-2024:11340-1

openSUSE-SU-2024:11912-1

openSUSE-SU-2024:13165-1

openSUSE-SU-2024:14174-1

openSUSE-SU-2025:14697-1

Related

Published

2015-12-15T21:59:00Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.

References

Affected packages