CVE-2015-8806

Published: 13 April 2016

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the "<!DOCTYPE html" substring in a crafted HTML document.

Priority

Low

CVSS 3 base score: 7.5

Status

Notes

This is a dupe of CVE-2016-1839

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8806
• https://ubuntu.com/security/notices/USN-2994-1
• NVD
• Launchpad
• Debian

Bugs

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813613
• https://bugzilla.gnome.org/show_bug.cgi?id=749115