CVE-2015-7942

Priority
Description
The xmlParseConditionalSections function in parser.c in libxml2 does not
properly skip intermediary entities when it stops parsing invalid input,
which allows context-dependent attackers to cause a denial of service
(out-of-bounds read and crash) via crafted XML data, a different
vulnerability than CVE-2015-7941.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.9.2+really2.9.1+dfsg1-0.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.5)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.2+zdfsg1-4ubuntu1)
Patches:
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
More Information

Updated: 2020-01-29 19:53:18 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)