CVE-2015-6837

Priority
Description
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before
5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before
2.9.2 is used, does not consider the possibility of a NULL valuePop return
value before proceeding with a free operation during initial error
checking, which allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted XML document, a
different vulnerability than CVE-2015-6838.
Assigned-to
mdeslaur
Notes
sbeattieDoS only?
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.13)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=1744be2d17befc69bf00033993f4081852a747d6
More Information

Updated: 2019-12-05 18:42:47 UTC (commit dd38ff22974aae499eb50644b9d5a2817483cbdb)