CVE-2015-7941

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2015-7941

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-7941.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2015-7941

Downstream

DEBIAN-CVE-2015-7941

DLA-266-1

DSA-3430-1

RHSA-2015:2549

RHSA-2015:2550

SUSE-SU-2016:0030-1

SUSE-SU-2016:0049-1

SUSE-SU-2016:0786-1

UBUNTU-CVE-2015-7941

USN-2812-1

openSUSE-SU-2024:10192-1

openSUSE-SU-2024:10549-1

openSUSE-SU-2024:11340-1

openSUSE-SU-2024:11912-1

openSUSE-SU-2024:13165-1

openSUSE-SU-2024:14174-1

openSUSE-SU-2025:14697-1

Related

Published

2015-11-18T16:59:04Z

Modified

2025-08-09T19:01:27Z

Summary

[none]

Details

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.

References

Affected packages