CVE-2015-5312

Priority
Description
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3
does not properly prevent entity expansion, which allows context-dependent
attackers to cause a denial of service (CPU consumption) via crafted XML
data, a different vulnerability than CVE-2014-3660.
Assigned-to
mdeslaur
Notes
Package
Upstream: released (2.9.3)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.9.1+dfsg1-3ubuntu4.6)
Ubuntu 16.04 LTS (Xenial Xerus): released (2.9.2+zdfsg1-4ubuntu2)
Patches:
Upstream: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e

Updated: 2020-09-10 04:47:14 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)