The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

OSVersionArchitecturePackageVersionFilename
Debian12alllibxml2< 2.9.3+dfsg1-1libxml2_2.9.3+dfsg1-1_all.deb
Debian11alllibxml2< 2.9.3+dfsg1-1libxml2_2.9.3+dfsg1-1_all.deb
Debian10alllibxml2< 2.9.3+dfsg1-1libxml2_2.9.3+dfsg1-1_all.deb
Debian999alllibxml2< 2.9.3+dfsg1-1libxml2_2.9.3+dfsg1-1_all.deb
Debian13alllibxml2< 2.9.3+dfsg1-1libxml2_2.9.3+dfsg1-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libxml2	< 2.9.3+dfsg1-1	libxml2_2.9.3+dfsg1-1_all.deb
Debian	11	all	libxml2	< 2.9.3+dfsg1-1	libxml2_2.9.3+dfsg1-1_all.deb
Debian	10	all	libxml2	< 2.9.3+dfsg1-1	libxml2_2.9.3+dfsg1-1_all.deb
Debian	999	all	libxml2	< 2.9.3+dfsg1-1	libxml2_2.9.3+dfsg1-1_all.deb
Debian	13	all	libxml2	< 2.9.3+dfsg1-1	libxml2_2.9.3+dfsg1-1_all.deb

cve 3

openvas 18

nessus 36

ubuntucve 3

veracode 1

mageia 1

prion 3

alpinelinux 2

redhatcve 2

debiancve 2

fedora 4

ubuntu 1

ibm 10

rubygems 1

redhat 1

centos 1

amazon 2

oraclelinux 1

f5 1

archlinux 1

freebsd 1

debian 2

osv 35

gentoo 1

apple 8

suse 1

tenable 1

ics 1

cve

CVE-2015-8035

2015-11-18 16:59:00

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

openvas

Mageia: Security Advisory (MGASA-2015-0433)

2015-11-08 00:00:00

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1316)

2020-01-23 00:00:00

Fedora Update for mingw-libxml2 FEDORA-2016-189

2016-02-17 00:00:00

nessus

Tenable Log Correlation Engine (LCE) < 4.8.0 Libxml2 DoS

2016-04-25 00:00:00

EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1316)

2019-05-01 00:00:00

Oracle Linux 8 : libxml2 (ELSA-2020-1827)

2023-09-07 00:00:00

ubuntucve

CVE-2015-8035

2015-11-02 00:00:00

CVE-2018-9251

2018-04-04 00:00:00

CVE-2018-14567

2018-07-31 00:00:00

veracode

Denial Of Service (DoS)

2018-08-01 07:49:45

mageia

Updated libxml2 packages fix security vulnerability

2015-11-06 01:46:03

prion

Design/Logic Flaw

2015-11-18 16:59:00

Design/Logic Flaw

2018-04-04 02:29:00

Design/Logic Flaw

2018-08-16 20:29:00

alpinelinux

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

redhatcve

CVE-2018-9251

2018-04-09 20:20:56

CVE-2018-14567

2018-08-22 02:19:05

debiancve

CVE-2018-9251

2018-04-04 02:29:00

CVE-2018-14567

2018-08-16 20:29:00

fedora

[SECURITY] Fedora 23 Update: mingw-libxml2-2.9.3-1.fc23

2016-02-17 04:02:04

[SECURITY] Fedora 22 Update: mingw-libxml2-2.9.3-1.fc22

2016-02-17 04:26:04

[SECURITY] Fedora 23 Update: libxml2-2.9.3-1.fc23

2015-11-26 21:01:32

ubuntu

libxml2 vulnerabilities

2015-11-16 00:00:00

ibm

Security Bulletin: IBM MQ Appliance is affected by multiple libxml2 vulnerabilities

2020-07-27 09:24:37

Security Bulletin: Multiple Vulnerabilities in libxml2 affects IBM Watson Studio Local

2019-12-18 18:01:21

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities

2021-04-09 03:15:36

rubygems

Nokogiri gem contains several vulnerabilities in libxml2 and libxslt

2015-04-13 21:00:00

redhat

(RHSA-2020:1190) Moderate: libxml2 security update

2020-03-31 09:30:25

centos

libxml2 security update

2020-04-08 18:42:56

amazon

Important: libxml2

2020-08-10 22:59:00

Important: libxml2

2020-07-21 16:34:00

oraclelinux

libxml2 security update

2020-04-06 00:00:00

K76678525 : libxml2 vulnerabilities CVE-2015-8035 CVE-2016-5131 CVE-2017-15412 CVE-2017-18258 CVE-2018-14404 CVE-2018-14567

2022-02-15 00:00:00

archlinux

libxml2: multiple issues

2015-12-09 00:00:00

freebsd

libxml2 -- multiple vulnerabilities

2015-11-20 00:00:00

debian

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

[SECURITY] [DSA 3430-1] libxml2 security update

2015-12-23 13:19:18

osv

CVE-2016-9597

2018-07-30 14:29:02

CVE-2016-3709

2022-07-28 17:15:07

CVE-2016-4483

2017-04-11 16:59:00

gentoo

libxml2: Multiple vulnerabilities

2017-01-16 00:00:00

apple

About the security content of tvOS 9.2

2016-03-21 00:00:00

About the security content of tvOS 9.2 - Apple Support

2017-01-23 03:54:34

About the security content of watchOS 2.2 - Apple Support

2017-01-23 03:54:34

suse

Security update for sles12-docker-image (important)

2016-03-16 15:28:52

tenable

[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities

2023-06-29 10:45:47

ics

Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1

2023-12-14 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.1%

JSON

Related for DEBIANCVE:CVE-2015-8035