« List of all CVEs

CVE-2015-8317

Published: 12/15/2015 Last updated: 8/6/2024 Reserved: 11/22/2015

The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (5)

bap-llvm conf-gtksourceview conf-gtksourceview3 conf-librsvg2 lablgtk3-gtkspell3

Products affected (1)

Product Vendor Version
n/a n/a 10 Version 1709 for x64-based Systems

References (64)