The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ubuntu_linux | Canonical | 12.04 (including) | 12.04 (including) |
Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
Ubuntu_linux | Canonical | 15.04 (including) | 15.04 (including) |
Ubuntu_linux | Canonical | 15.10 (including) | 15.10 (including) |