Vulnerability in Apple Iphone_os
CVE-2015-7995
The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to a "type confusion" issue.
EPSS: 0.014 (80.6th percentile) — read the EPSS interpretation.
Affected products
- Apple Iphone_os
- Apple Mac_os_x
- Apple Tvos
- Apple Watchos
- Xmlsoft Libxslt
- N/a — versions n/a
Public proof-of-concept exploits
References
- DSA-3605 (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (x_refsource_CONFIRM)
- [oss-security] 20151027 CVE request: libxslt xsltStylePreCompute() type confusion DoS (mailing-list, x_refsource_MLIST)
- [oss-security] 20151028 Re: CVE request: libxslt xsltStylePreCompute() type confusion DoS (mailing-list, x_refsource_MLIST)
- APPLE-SA-2016-01-25-1 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
- 1034736 (vdb-entry, x_refsource_SECTRACK)
- cve@mitre.org (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2015-7995?
- CVE-2015-7995 is a vulnerability in Apple Iphone_os. Published 2015-11-17.
- Is CVE-2015-7995 known to be exploited?
- 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.