FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml2 -- Enforce the reader to run in constant memory

Affected packages
libxml2 < 2.9.2_3
linux-c6-libxml2 < 2.7.6_5
* <= linux-f10-libxml2

Details

VuXML ID 9c7177ff-1fe1-11e5-9a01-bcaec565249c
Discovery 2015-04-14
Entry 2015-07-01
Modified 2016-01-31

Daniel Veilland reports:

Enforce the reader to run in constant memory. One of the operation on the reader could resolve entities leading to the classic expansion issue. Make sure the buffer used for xmlreader operation is bounded. Introduce a new allocation type for the buffers for this effect.

[source]

References

CVE Name CVE-2015-1819
URL https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.