CVE-2015-8317 in libxml2info

Summary

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/22/2015

Disclosure

12/15/2015

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
79334Xmlsoft libxml2 XML File xmlParseXMLDecl memory corruption119UnprovenOfficial fixCVE-2015-8317

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Want to know what is going to be exploited?

We predict KEV entries!