CVE-2015-8242

Priority
Description
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML
parser in libxml2 before 2.9.3 allows context-dependent attackers to cause
a denial of service (stack-based buffer over-read and application crash) or
obtain sensitive information via crafted XML data.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (2.9.3)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.6)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.2+zdfsg1-4ubuntu2)
Patches:
Upstream:https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2
More Information

Updated: 2020-09-10 04:56:16 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)