A denial of service flaw was found in the way the libxml2 library parsed
certain XML files. An attacker could provide a specially crafted XML
file that, when parsed by an application using libxml2, could cause that
application to use an excessive amount of memory.

A denial of service flaw was found that leads to CPU exhaustion
when processing specially crafted XML input. The issue was in the
detection of entity expansion in certain situations.

It has been discovered that libxml2 does not properly stop parsing
invalid input, which allows context-dependent attackers to cause a
denial of service (out-of-bounds read and libxml2 crash) via crafted XML
data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections
function in parser.c, as demonstrated by non-terminated entities.

The xmlParseConditionalSections function in parser.c in libxml2 does not
properly skip intermediary entities when it stops parsing invalid input,
which allows context-dependent attackers to cause a denial of service
(out-of-bounds read and crash) via crafted XML data.

A heap-based buffer overflow has been discovered in
xmlDictComputeFastQKey. It was possible to hit a negative offset in the
name indexing used to randomize the dictionary key generation.

A heap-based buffer overflow was found in xmlParseXmlDecl. When a
conversion failure happens, the parser continues to extract more errors,
which may lead to unexpected behavior.

A heap-based buffer overflow was found in xmlGROW, allowing an attacker
to read memory out of bounds.

A heap-based buffer overflow has been discovered in xmlParseMisc when
not properly handling the case where the parser popped out of the
current entity while processing a start tag.

A denial of service vulnerability has been discovered when parsing
a specially crafted XML document while XZ support is enabled. The
xz_decomp function in xzlib.c did not properly detect compression
errors, which allows context-dependent attackers to cause a denial of
service (process hang) via crafted XML data.

A stack buffer overflow has been discovered in push mode in
xmlSAX2TextNode. It is possible for an input to cause out-of-bounds
memory to be returned to userspace through the use of libxml2, which
could be used to cause denial of service attacks or to gain sensitive
information.

access.redhat.com/security/cve/CVE-2015-1819
access.redhat.com/security/cve/CVE-2015-5312
access.redhat.com/security/cve/CVE-2015-7497
access.redhat.com/security/cve/CVE-2015-7498
access.redhat.com/security/cve/CVE-2015-7499
access.redhat.com/security/cve/CVE-2015-7500
access.redhat.com/security/cve/CVE-2015-7941
access.redhat.com/security/cve/CVE-2015-7942
access.redhat.com/security/cve/CVE-2015-8035
access.redhat.com/security/cve/CVE-2015-8242
bugs.archlinux.org/task/47095
mail.gnome.org/archives/xml/2015-November/msg00012.html