
CVE-2015-8035

Description

The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.

#### Bugs

* <https://bugzilla.gnome.org/show_bug.cgi?id=757466>

#### Notes

Author | Note
---|---
[tyhicks](<https://launchpad.net/~tyhicks>) | The test xz file does not trigger the DoS in our 2.9.2 builds. xz support was accidentally disabled in 2.9.2. Marking the devel release as 'needed' so that the build system fix (18b8988511b0954272cac4d6c3e6724f9dbf6e0a) doesn't slip in without this CVE fix.


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | 14.04 | libxml2 | 2.9.1+dfsg1-3ubuntu4.5
ubuntu | upstream | libxml2 | any
