[xml/sgml-pkgs] Bug#806384: libxml2: CVE-2015-8241: Buffer overread with XML parser in xmlNextChar

Salvatore Bonaccorso carnil at debian.org
Thu Nov 26 20:45:52 UTC 2015

Source: libxml2
Version: 2.9.2+zdfsg1-4
Severity: normal
Tags: security upstream patch fixed-upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=756263


the following vulnerability was published for libxml2. It is fixed
upstream with 2.9.3.

Can be reproduced with AFL and ASAN enabled with the PoC attached to
the upstream bug.

Buffer overread with XML parser in xmlNextChar

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-8241
[1] https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
[2] https://bugzilla.gnome.org/show_bug.cgi?id=756263

Please adjust the affected versions in the BTS as needed.


More information about the debian-xml-sgml-pkgs mailing list