High severity7.5NVD Advisory· Published Apr 13, 2016· Updated May 6, 2026
CVE-2015-8806
CVE-2015-8806
Description
dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nokogiriRubyGems | >= 1.6.0, < 1.6.8 | 1.6.8 |
Affected products
6cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.openwall.com/lists/oss-security/2016/02/03/5nvdMailing ListThird Party AdvisoryWEB
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party AdvisoryWEB
- www.securityfocus.com/bid/82071nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-2994-1nvdThird Party AdvisoryWEB
- bugzilla.gnome.org/show_bug.cginvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-7hp2-xwpj-95jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2015-8806ghsaADVISORY
- security.gentoo.org/glsa/201701-37nvdThird Party AdvisoryWEB
- www.debian.org/security/2016/dsa-3593nvdThird Party AdvisoryWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.ymlghsaWEB
- github.com/sparklemotion/nokogiri/issues/1473ghsaWEB
- web.archive.org/web/20160928171015/http://www.securityfocus.com/bid/82071ghsaWEB
News mentions
0No linked articles in our index yet.