CVE-2014-3660

Published Nov 4, 2014
Last updated 18 days ago
CVSS info 5.0
Overview

Description: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a variant of the "billion laughs" attack.
Source: secalert@redhat.com
NVD status: Modified
Products: libxml2, mac_os_x, ubuntu_linux, debian_linux, enterprise_linux
Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:N/A:P
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/611.html" target="_blank">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Impact: -
Solution: -
Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "18BCA403-8F0F-4564-BE7E-1DE10408B54B",
            "versionEndIncluding": "2.9.1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.0.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "586C0FAB-E288-4EFB-8946-4535971F23F9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "15236DDC-0095-4253-9113-61F76EFC0769",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.1.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "98F95AB1-D3D0-4E39-B135-4B55991845CE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "392E4AA7-00D2-45B1-9FA7-C1C7C37431F0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.0:beta:*:*:*:*:*:*",
            "matchCriteriaId": "C7839A86-59AA-400C-BF29-18E612B8EB4D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "0F9A211A-5C44-4BDC-9676-3B7B937835B9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "BECA085A-BEF1-4AD2-ABBA-069CE2642796",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "E66BF7BC-5B5C-40BB-B826-3CC9DBAB53D0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "F330D609-31EB-4B4C-B007-ACEABA557F54",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "D9E2F05B-B298-489C-9E44-62E0A199E148",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "070B2F1F-9A99-4A20-9BA9-CF175D482DA6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "25DC5AE4-9DEA-4828-96F0-57BACB6C9B25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "BDE26E6D-53FF-4001-8F25-C112635CB74E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "D1210A8D-5359-4FD4-963F-506200AA20AE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "AA748E50-798F-40EA-B252-0A166DEEB120",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.2.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "C5B9E7CC-D552-4C9A-909E-42D375452E09",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "06C20B5C-16E7-4C1B-A2DB-8EB4B9A7045D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "D7A901B3-B0F4-4D2B-8CAF-25938219B657",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "12FCBA01-D739-4BA2-83F5-D41A6DF91F1F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "EFC8C43D-84C7-4C0C-8DD1-66206D665C35",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "5E60C1B4-BBC1-4E2B-8323-A7E059EF6BEE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "8B677850-4FE9-4522-ADAE-42C5D17D4A7D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "9BB7931B-55AA-4735-8AAB-9F3A9E9C0123",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "F4A5B9AF-7F82-4EEC-A776-587C6DD44448",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "94D33392-DD5C-4704-BECF-69D416F9F2C0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "B1BA896F-07D7-4B93-939B-B6CDD1DCA87C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "647CA5AD-5AC2-448E-8445-62837F413361",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "37D4241B-A328-45F0-9FAB-CEE20DC7432E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.12:*:*:*:*:*:*:*",
            "matchCriteriaId": "CAAD77C4-84EC-4924-90F8-35A2375AA6A9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.13:*:*:*:*:*:*:*",
            "matchCriteriaId": "6A124C5A-C72C-4623-925E-378FF40671EF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.3.14:*:*:*:*:*:*:*",
            "matchCriteriaId": "8ACD2FD4-E884-4FC5-842B-86AAE06D9E05",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "14A9036D-1474-4097-9E70-09F7BBA2826C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "E8884CF6-2F5B-465F-841B-3C69EC3BE3BA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "A699B966-3756-4D5B-8693-0678EEDD8AD0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "A1E50FED-4BAD-4D04-98C3-C2427E086C1B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "70880522-BBC0-4D5C-8DA3-245E189FA1C0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "1A8BA1A0-F8E7-4B93-B667-D012C91F831E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "27662848-9CD5-43BC-9A1B-8C6EBACCCC21",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "C967E50C-E7AA-49D0-A055-20CA083CA232",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "DA398ACA-73C2-4093-AD35-E30161C96C25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "757B5A74-6B7B-4F01-9891-9F9E510074C9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "5C10CC4C-3A9C-4AD0-A7C1-ACF781BF20D5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.12:*:*:*:*:*:*:*",
            "matchCriteriaId": "2E67FD94-4E96-4FCC-990B-4C0A5C599ED0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.13:*:*:*:*:*:*:*",
            "matchCriteriaId": "8E7DDE27-9DE8-4E45-AFA2-AFFEA8F0D917",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.14:*:*:*:*:*:*:*",
            "matchCriteriaId": "92CEEDA7-5DFC-4DB0-989E-F356E5CF65A9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.15:*:*:*:*:*:*:*",
            "matchCriteriaId": "25D60B58-3558-4244-A5B3-8D16F53A9588",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.16:*:*:*:*:*:*:*",
            "matchCriteriaId": "E5DB409B-795F-4F8A-85E1-0B4E66AE9D48",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.17:*:*:*:*:*:*:*",
            "matchCriteriaId": "457C47ED-A429-42AE-9FF9-978D605BACFE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.18:*:*:*:*:*:*:*",
            "matchCriteriaId": "3C20B9D5-9E10-4B6D-8095-B2A63EDB8D16",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.19:*:*:*:*:*:*:*",
            "matchCriteriaId": "9087E4FE-661F-4803-BB3B-09D2699265E5",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.20:*:*:*:*:*:*:*",
            "matchCriteriaId": "7C2D01CF-9FCE-41F8-997E-EA9BDCCD8C76",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.21:*:*:*:*:*:*:*",
            "matchCriteriaId": "84E1C7A6-DCA7-4760-B1B6-EFB256978CFC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.22:*:*:*:*:*:*:*",
            "matchCriteriaId": "9F1E7CFF-E4B3-4B31-BE23-C187544E9488",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.23:*:*:*:*:*:*:*",
            "matchCriteriaId": "81EDD077-5183-4588-8DB1-93A0597AAA34",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.24:*:*:*:*:*:*:*",
            "matchCriteriaId": "530FE28C-0D51-4BF9-AE43-D65F9913B48B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.25:*:*:*:*:*:*:*",
            "matchCriteriaId": "F030053E-2292-42E2-8435-0CFBDDE688DB",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.26:*:*:*:*:*:*:*",
            "matchCriteriaId": "A0258377-DD8B-4FA6-B075-E8489C83CEAE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.27:*:*:*:*:*:*:*",
            "matchCriteriaId": "69E0BD23-38C6-43C0-870F-00B13F7C91D3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.28:*:*:*:*:*:*:*",
            "matchCriteriaId": "F3D3350E-5186-4DC8-9D1B-59068A469496",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.29:*:*:*:*:*:*:*",
            "matchCriteriaId": "F76783D0-63F8-48A7-85FE-E5E8DBFA223D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.4.30:*:*:*:*:*:*:*",
            "matchCriteriaId": "52AE89B2-C1A3-48C8-AEB5-4B0D757AE361",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8ACA170D-21DB-47CD-AD73-2DEB2A2439F1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "FFC48A66-7D1F-4446-BC50-6C1A1DF819E8",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "A0A86D90-C64E-4850-8D6E-94D3C0789241",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "06A50725-AC7A-4FDB-887A-3DCB369C943D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.10:*:*:*:*:*:*:*",
            "matchCriteriaId": "D463EC3C-88F1-46D9-ADB6-6283DC23B0B6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.5.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "43F8E361-E6D3-4666-B18D-928D550FD5D2",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "B6948CD9-8489-46BA-9159-24C842490702",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "35C43087-760E-482A-B34E-141A29AC57A4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "669211F7-90EA-47AB-A787-34DD79DF8E25",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "025B16D8-1023-4D47-BADD-C1E838B47D88",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "320E691F-D417-4D81-A223-C46FEFFD908A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "F3B06B40-327D-4EFA-AD19-DA1CA7D50B4F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "EB8BEC58-AB2A-4953-A2E8-338EB894A494",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "ABDE6C9A-4F24-42B4-8AA3-3EBC97190322",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "44FB2813-BE9F-46A8-864B-435D883CA0FA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.9:*:*:*:*:*:*:*",
            "matchCriteriaId": "F9DF1336-F831-4507-B45E-574BDE8AA8BA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.11:*:*:*:*:*:*:*",
            "matchCriteriaId": "33268B2F-3591-48D9-B123-92E3ABF157F1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.12:*:*:*:*:*:*:*",
            "matchCriteriaId": "0830367A-9FB3-4291-88C0-38A471DFD22B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.13:*:*:*:*:*:*:*",
            "matchCriteriaId": "73E4EB1B-2E8B-4504-AB05-F4D4E6B038E9",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.14:*:*:*:*:*:*:*",
            "matchCriteriaId": "B5815E25-5305-4A32-81B3-89DB1D5C1AC0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.16:*:*:*:*:*:*:*",
            "matchCriteriaId": "0AD69C98-11AB-4BB5-A91A-F029BA0E1DB1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.17:*:*:*:*:*:*:*",
            "matchCriteriaId": "98CF3A74-B9F8-4689-B81C-F579D827DA5C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.18:*:*:*:*:*:*:*",
            "matchCriteriaId": "6DBD9C7D-CD0B-4B5B-BEC2-F67610DEDE2B",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.20:*:*:*:*:*:*:*",
            "matchCriteriaId": "798F7A01-F006-4589-82F8-943F81015693",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.21:*:*:*:*:*:*:*",
            "matchCriteriaId": "6A1C90C5-1B77-4BE5-ACDA-1F15D3F2A000",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.22:*:*:*:*:*:*:*",
            "matchCriteriaId": "36940C55-BFD4-4C77-A26B-C0F273EAC2EC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.23:*:*:*:*:*:*:*",
            "matchCriteriaId": "8ECB753E-430C-4DBD-9063-506E749A21CF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.24:*:*:*:*:*:*:*",
            "matchCriteriaId": "3EBD3E93-1624-4B1D-8F9A-5683ADA4983E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.25:*:*:*:*:*:*:*",
            "matchCriteriaId": "551B91B8-7A5A-4E5D-AAED-76705F8A2829",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.26:*:*:*:*:*:*:*",
            "matchCriteriaId": "1D8135B1-FB22-4755-A5ED-CDB16E3E85A3",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.27:*:*:*:*:*:*:*",
            "matchCriteriaId": "2B4685BF-394A-4426-980A-2B1D37737C06",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.28:*:*:*:*:*:*:*",
            "matchCriteriaId": "77A68008-7392-4BE4-AB30-24D2BA124E3A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.29:*:*:*:*:*:*:*",
            "matchCriteriaId": "63F37BF5-D4D2-43AB-841A-E9AC32A68452",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.30:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB8A074B-069A-4520-8E3C-AB614C31B68A",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.31:*:*:*:*:*:*:*",
            "matchCriteriaId": "D77DE5FD-060A-4AD6-A925-4E9EF186C835",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.6.32:*:*:*:*:*:*:*",
            "matchCriteriaId": "7069A49C-038C-4E7B-AF03-4D90D5734414",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "87E895B9-5AF7-4A1F-B740-B3E13DE3254E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.1:*:*:*:*:*:*:*",
            "matchCriteriaId": "8FD29EFD-1ADB-4349-8E7D-EA6B34B0F6DE",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.2:*:*:*:*:*:*:*",
            "matchCriteriaId": "EC720A50-9EF5-4B73-86D1-AE87D402611E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.3:*:*:*:*:*:*:*",
            "matchCriteriaId": "464942E8-EDF3-4ECB-B907-FFCDBC9079C0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.4:*:*:*:*:*:*:*",
            "matchCriteriaId": "E1246C0E-DCAC-405E-ADCE-3D16D659C567",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.5:*:*:*:*:*:*:*",
            "matchCriteriaId": "5703D8EC-259B-49C3-AADE-916227DEB96F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.6:*:*:*:*:*:*:*",
            "matchCriteriaId": "184B40E3-28FD-49A4-9560-5E26293D7D08",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.7:*:*:*:*:*:*:*",
            "matchCriteriaId": "7CCE8BBA-6721-4257-9F2E-23AEB104564E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.7.8:*:*:*:*:*:*:*",
            "matchCriteriaId": "AF2A3107-5F12-407E-9009-7F42B09299E4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.8.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8928F415-C124-4B4A-9D59-40AC6845AFD1",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "955673D9-2912-48A2-93C9-10430290A4AF",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:xmlsoft:libxml2:2.9.0:rc1:*:*:*:*:*:*",
            "matchCriteriaId": "268661C2-7A45-4743-8A09-48B3EE21212E",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
            "versionEndIncluding": "10.10.4",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
            "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

Related CVEs

References
