CVE-2015-8035

Published: Nov 18, 2015Modified: May 6, 2026

2.6

Vector

AV:N/AC:H/Au:N/C:N/I:N/A:P

Exploitability: 4.9 / Impact: 2.9

Source: NVD

Description

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

Affected (8)

Products: Debian: Debian Linux · Xmlsoft: Libxml2 · Apple: Iphone Os, Mac Os X, Tvos, Watchos · +1 more

Show all products

Debian: Debian Linux · Xmlsoft: Libxml2 · Apple: Iphone Os, Mac Os X, Tvos, Watchos · Canonical: Ubuntu Linux

1 product

1 product

4 products

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 7.0
Debian Debian Linux	Version 8.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml2	Version 2.9.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 9.2.1
Apple Mac Os X	Up to 10.11.3
Apple Tvos	Up to 9.1
Apple Watchos	Up to 2.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04

Related CWEs

CWE-399

References (50)

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177341.html

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177381.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2016-1089.html

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3430

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/11/02/2

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/11/02/4

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2015/11/03/1

Source: cve@mitre.org

http://www.securityfocus.com/bid/77390

Source: cve@mitre.org

http://www.securitytracker.com/id/1034243

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2812-1

Source: cve@mitre.org

http://xmlsoft.org/news.html

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=757466

Source: cve@mitre.org

Exploit

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017

Source: cve@mitre.org

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380

Source: cve@mitre.org

https://security.gentoo.org/glsa/201701-37

Source: cve@mitre.org

https://support.apple.com/HT206166

Source: cve@mitre.org

https://support.apple.com/HT206167

Source: cve@mitre.org

https://support.apple.com/HT206168

Source: cve@mitre.org

https://support.apple.com/HT206169

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html