CVE-2015-7500 — MEDIUM (5.0)

Q: How severe is CVE-2015-7500?

CVE-2015-7500 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7500?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Icewall Federation Agent, Hp Icewall File Manager, Xmlsoft Libxml2, Debian Debian Linux, Apple Iphone Os.

Vulnerability Description

The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Hp	Icewall Federation Agent	3.0
Hp	Icewall File Manager	3.0
Xmlsoft	Libxml2	<= 2.9.2
Debian	Debian Linux	7.0
Apple	Iphone Os	<= 9.2.1
Apple	Mac Os X	<= 10.11.3
Apple	Tvos	<= 9.1
Apple	Watchos	<= 2.1
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Hpc Node	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0
Canonical	Ubuntu Linux	12.04

Related Weaknesses (CWE)

CWE-119

References

http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
http://marc.info/?l=bugtraq&m=145382616617563&w=2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2549.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2550.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-1089.html
http://www.debian.org/security/2015/dsa-3430Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h
http://www.securityfocus.com/bid/79562
http://www.securitytracker.com/id/1034243

FAQ

What is CVE-2015-7500?

CVE-2015-7500 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect ent...

How severe is CVE-2015-7500?

CVE-2015-7500 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7500?

Check the references section above for vendor advisories and patch information. Affected products include: Hp Icewall Federation Agent, Hp Icewall File Manager, Xmlsoft Libxml2, Debian Debian Linux, Apple Iphone Os.