CVE-2015-7941

Vulnerability

A denial of service vulnerability exists in libxml2 version 2.9.2, where the parser does not properly stop processing malformed XML input. The flaw resides in the xmlParseEntityDecl and xmlParseConditionalSections functions in parser.c, triggered by non-terminated entity declarations or conditional sections. This out-of-bounds read issue can be exploited by supplying crafted XML that causes the parser to read beyond the allocated buffer, resulting in a crash. [1][2][4]

Exploitation

An attacker can exploit this vulnerability by providing specially crafted XML data to an application using the affected libxml2 version. No authentication is required, and the attack vector is remote (network). The vulnerable code path is reachable when the parser encounters non-terminated entities in a document, which leads to improper termination of parsing and subsequent invalid memory access. [1][2][4]

Impact

Successful exploitation causes libxml2 to crash, resulting in a denial of service condition for the application relying on the library. The impact is limited to availability; there is no indication of information disclosure or privilege escalation from this specific CVE. [1][2]

Mitigation

Red Hat Enterprise Linux 6 and 7 users should update to libxml2-2.9.1-6.el7_2.2 (or later) which contains a backported patch. [1][2] Ubuntu users should apply USN-2812-1, which fixes this issue for Ubuntu 12.04 LTS, 14.04 LTS, and 15.04. [4] HP Enterprise IceWall products (version 3.0) were also affected; HPE published a security bulletin (HPSBGN03537) recommending updates. [3] No workaround is available; applying the vendor-provided patched package is the only mitigation.