[Bug 1276297] New: CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()

bugzilla at redhat.com bugzilla at redhat.com
Thu Oct 29 11:42:52 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1276297

            Bug ID: 1276297
           Summary: CVE-2015-7942 libxml2: heap-based buffer overflow in
                    xmlParseConditionalSections()
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-team at redhat.com
          Reporter: mprpic at redhat.com
                CC: athmanem at gmail.com, c.david86 at gmail.com,
                    drizt at land.ru, erik-fedora at vanpienbroek.nl,
                    fedora-mingw at lists.fedoraproject.org,
                    ktietz at redhat.com, lfarkas at lfarkas.org,
                    ohudlick at redhat.com, rjones at redhat.com,
                    veillard at redhat.com



A heap-based buffer overflow flaw was found in the way libxml2 parsed certain
crafted XML input. A remote attacker could provide a specially-crafted XML file
that, when opened in an application linked against libxml2, would cause the
application to crash.

Upstream patch:

https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:

https://bugzilla.gnome.org/show_bug.cgi?id=756456

CVE assignment:

http://seclists.org/oss-sec/2015/q4/130
