libxml2: Out-of-bounds heap read when parsing file with unfinished xml declaration

🗓️ 07 Dec 2015 11:59:33Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

libxml2 denial of service via out-of-bounds heap read in incomplete XML declaration may leak data.

Reporter	Title	Published	Views	Family All 162
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Libxml2 affect IBM Security Network Protection	16 Jun 201821:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple liblxm2 vulnerabilities	18 Jun 201801:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in libxml2 affect PowerKVM	18 Jun 201801:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in XML processing affect IBM DataPower Gateways	8 Jun 202122:18	–	ibm
IBM Security Bulletins	Security Bulletin: Fixes for Multiple Security Vulnerabilities in IBM Security Identity Manager Virtual Appliance available	16 Jun 201821:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by the OpenSource libxml2 vulnerability	16 Jun 201821:40	–	ibm
IBM Security Bulletins	Security Bulletins - Cognos Analytics and Cognos Business Intelligence	19 Jul 201816:57	–	ibm
IBM Security Bulletins	Security Bulletin: OpenSource libXML2 Vulnerabilities affect Identity Insight 8.1	16 Jun 201813:38	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in libpng and libxml affect Rational DOORS	1 May 202008:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Libxml2 affect Rational Systems Tester	17 Jun 201805:07	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	ppc	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.ppc64le.rpm
Red Hat Enterprise Linux	7	s390	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.s390.rpm
Red Hat Enterprise Linux	7	s390x	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.s390x.rpm
Red Hat Enterprise Linux	7	x86_64	libxml2	0:2.9.1-6.el7_2.2	libxml2-0:2.9.1-6.el7_2.2.x86_64.rpm
Red Hat Enterprise Linux	7	any	libxml2	0:2.9.1-6.el7_2.2.i686	libxml2-0:2.9.1-6.el7_2.2.i686.noarch.rpm
Red Hat Enterprise Linux	7	ppc	libxml2-debuginfo	0:2.9.1-6.el7_2.2	libxml2-debuginfo-0:2.9.1-6.el7_2.2.ppc.rpm
Red Hat Enterprise Linux	7	ppc64	libxml2-debuginfo	0:2.9.1-6.el7_2.2	libxml2-debuginfo-0:2.9.1-6.el7_2.2.ppc64.rpm
Red Hat Enterprise Linux	7	ppc64le	libxml2-debuginfo	0:2.9.1-6.el7_2.2	libxml2-debuginfo-0:2.9.1-6.el7_2.2.ppc64le.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2015-8317
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2015-8317
cve	www.cve.org/CVERecord

14 May 2026 22:22Current

7.2High risk

Vulners AI Score7.2

CVSS 25

EPSS0.00486

libxml2 denial of service out of bounds heap read incomplete xml declaration crafted file data leak remote attacker