CVE-2015-7499 — MEDIUM (5.0)

Q: What is CVE-2015-7499?

CVE-2015-7499 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

Q: How severe is CVE-2015-7499?

CVE-2015-7499 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7499?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos, Apple Watchos, Canonical Ubuntu Linux.

Vulnerability Description

Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Iphone Os	<= 9.2.1
Apple	Mac Os X	<= 10.11.3
Apple	Tvos	<= 9.1
Apple	Watchos	<= 2.1
Canonical	Ubuntu Linux	12.04
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Hp	Icewall Federation Agent	3.0
Hp	Icewall File Manager	3.0
Xmlsoft	Libxml2	<= 2.9.2
Debian	Debian Linux	7.0
Opensuse	Leap	42.1
Opensuse	Opensuse	13.1

Related Weaknesses (CWE)

CWE-119

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=145382616617563&w=2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2549.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2550.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1089.htmlBroken Link
http://www.debian.org/security/2015/dsa-3430Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.hThird Party Advisory
http://www.securityfocus.com/bid/79509Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034243Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-2834-1Third Party Advisory

FAQ

What is CVE-2015-7499?

CVE-2015-7499 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.

How severe is CVE-2015-7499?

CVE-2015-7499 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7499?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Iphone Os, Apple Mac Os X, Apple Tvos, Apple Watchos, Canonical Ubuntu Linux.