CVE-2015-8317
EPSS 0.49%
Description
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
How to fix CVE-2015-8317
To remediate CVE-2015-8317, upgrade the affected package to a fixed version below.
- Debian/libxml2—upgrade to 2.9.2+zdfsg1-4 or later
Is CVE-2015-8317 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.9.2+zdfsg1-4