CVE-2015-7995

Published: 17/11/2015 Updated: 08/03/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows malicious users to cause a denial of service via a crafted XML file, related to a "type confusion" issue.

Vulnerable Product

apple iphone os

apple mac os x

apple tvos

apple watchos

xmlsoft libxslt

Vendor Advisories

A type confusion vulnerability was discovered in the xsltStylePreCompute() function of libxslt. A remote attacker could possibly exploit this flaw to cause an application using libxslt to crash by tricking the application into processing a specially crafted XSLT document ...
Several vulnerabilities were discovered in libxslt, an XSLT processing runtime library, which could lead to information disclosure or denial-of-service (application crash) against an application using the libxslt library. For the stable distribution (jessie), these problems have been fixed in version 1.1.28-2+deb8u1. We recommend that you upgrade y ...
Debian Bug report logs - #802971: libxslt: CVE-2015-7995: Type confusion may cause DoS. Package: src:libxslt; Maintainer for src:libxslt is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 25 Oct 2015 18:18:02 UTC; Severity: important ...
Several security issues were fixed in Libxslt ...
For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about the Apple Product Security PGP Key, see How to use ...
Oracle Solaris Third Party Bulletin - April 2019. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical ...
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of June 05, 2017 or later address all of these issues. Refer to the Pixel and Nexus update schedule to learn how to check a device's security patch level. Partners were notified of the issues described in the bulletin at least ...
Table of Contents: • Description • Affected Products and Components • Mitigation and Upgrades • Vulnerability Descriptions and Ratings • Multiple vulnerabilities in OpenSSL including DROWN (CVE-2016-0800) (SPL-110363, SPL-115028, SPL-115027, SPL-115026, SPL-115025) • Splunk Web Denial of Service via HTTP Header (SPL-102960, SPL-102961, SP ...
Oracle Solaris Third Party Bulletin - January 2016. Description: The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions. Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...

References

NVD-CWE-Other
http://lists.apple.com/archives/security-announce/2016/Jan/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Jan/msg00003.html
http://lists.apple.com/archives/security-announce/2016/Jan/msg00005.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00123.html
http://www.debian.org/security/2016/dsa-3605
http://www.openwall.com/lists/oss-security/2015/10/27/10
http://www.openwall.com/lists/oss-security/2015/10/28/4
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.securityfocus.com/bid/77325
http://www.securitytracker.com/id/1034736
http://www.securitytracker.com/id/1038623
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.386546
https://bugzilla.redhat.com/show_bug.cgi?id=1257962
https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05111017
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380
https://puppet.com/security/cve/cve-2015-7995
https://support.apple.com/HT205729
https://support.apple.com/HT205731
https://support.apple.com/HT205732
https://support.apple.com/HT206168
https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-7995
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2015-7995
https://usn.ubuntu.com/3271-1/
http://tools.cisco.com/security/center/viewAlert.x?alertId=43118