Moderate severityNVD Advisory· Published Dec 15, 2015· Updated May 6, 2026
CVE-2015-7499
CVE-2015-7499
Description
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | >= 1.6.0, < 1.6.7.2 | 1.6.7.2 |
Affected products
20- cpe:2.3:a:hp:icewall_federation_agent:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:icewall_file_manager:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
31- git.gnome.org/browse/libxml2/commit/nvdPatchThird Party AdvisoryWEB
- git.gnome.org/browse/libxml2/commit/nvdPatchThird Party AdvisoryWEB
- lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlnvdMailing ListThird Party Advisory
- lists.apple.com/archives/security-announce/2016/Mar/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.apple.com/archives/security-announce/2016/Mar/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2015-12/msg00120.htmlnvdMailing ListThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2016-01/msg00031.htmlnvdMailing ListThird Party AdvisoryWEB
- marc.infonvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-2549.htmlnvdThird Party AdvisoryWEB
- rhn.redhat.com/errata/RHSA-2015-2550.htmlnvdThird Party AdvisoryWEB
- www.debian.org/security/2015/dsa-3430nvdThird Party AdvisoryWEB
- www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/79509nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034243nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2834-1nvdThird Party AdvisoryWEB
- xmlsoft.org/news.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-jxjr-5h69-qw3wghsaADVISORY
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
- nvd.nist.gov/vuln/detail/CVE-2015-7499ghsaADVISORY
- security.gentoo.org/glsa/201701-37nvdThird Party AdvisoryWEB
- support.apple.com/HT206166nvdVendor Advisory
- support.apple.com/HT206167nvdVendor Advisory
- support.apple.com/HT206168nvdVendor Advisory
- support.apple.com/HT206169nvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2016-1089.htmlnvdBroken Link
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.ymlghsaWEB
- groups.google.com/forum/ghsaWEB
- web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509ghsaWEB
- web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243ghsaWEB
News mentions
0No linked articles in our index yet.