Vulnerability details: VCID-muvh-8zw6-tbbn
Vulnerability ID VCID-muvh-8zw6-tbbn
Aliases CVE-2015-1819
GHSA-q7wx-62r7-j2x7
Summary Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
Several vulnerabilities were discovered in the libxml2 and libxslt libraries that the Nokogiri gem depends on.
CVE-2015-1819: A denial of service flaw was found in the way libxml2 parsed XML documents. This flaw could cause an application that uses libxml2 to use an excessive amount of memory.
CVE-2015-7941: libxml2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via specially crafted XML data.
CVE-2015-7942: The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data.
CVE-2015-7995: The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check whether the parent node is an element, which allows attackers to cause a denial of service using a specially crafted XML document.
CVE-2015-8035: The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
Another vulnerability was discovered in libxml2 that could cause parsing of unclosed comments to result in "conditional jump or move depends on uninitialized value(s)" and unsafe memory access. This issue does not have a CVE assigned yet. See related URLs for details.
Patched in v1.6.7.rc4.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
generic_textual MODERATE http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html
generic_textual MODERATE http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1419.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-2550.html
epss 0.02464 https://api.first.org/data/v1/epss?cve=CVE-2015-1819
generic_textual MODERATE https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-q7wx-62r7-j2x7
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml
generic_textual MODERATE https://github.com/sparklemotion/nokogiri/issues/1374
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-1819
generic_textual MODERATE https://security.gentoo.org/glsa/201507-08
generic_textual MODERATE https://security.gentoo.org/glsa/201701-37
generic_textual MODERATE https://support.apple.com/HT206166
generic_textual MODERATE https://support.apple.com/HT206167
generic_textual MODERATE https://support.apple.com/HT206168
generic_textual MODERATE https://support.apple.com/HT206169
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3430
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2812-1
generic_textual MODERATE http://xmlsoft.org/news.html
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172710.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172943.html
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-1419.html
http://rhn.redhat.com/errata/RHSA-2015-2550.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1819.json
https://api.first.org/data/v1/epss?cve=CVE-2015-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml
https://github.com/sparklemotion/nokogiri/commit/8f3de6d88d0da11fb62a45daa61b85ce71b4af59
https://github.com/sparklemotion/nokogiri/issues/1374
https://github.com/sparklemotion/nokogiri/pull/1376
https://nvd.nist.gov/vuln/detail/CVE-2015-1819
https://security.gentoo.org/glsa/201507-08
https://security.gentoo.org/glsa/201701-37
https://support.apple.com/HT206166
https://support.apple.com/HT206167
https://support.apple.com/HT206168
https://support.apple.com/HT206169
http://www.debian.org/security/2015/dsa-3430
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.ubuntu.com/usn/USN-2812-1
http://xmlsoft.org/news.html
1211278 https://bugzilla.redhat.com/show_bug.cgi?id=1211278
782782 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782782
GHSA-q7wx-62r7-j2x7 https://github.com/advisories/GHSA-q7wx-62r7-j2x7
RHSA-2015:1419 https://access.redhat.com/errata/RHSA-2015:1419
RHSA-2015:2550 https://access.redhat.com/errata/RHSA-2015:2550
USN-2812-1 https://usn.ubuntu.com/2812-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.84622
EPSS Score 0.02464
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:56.152261+00:00 Ruby Importer Import https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-1819.yml 37.0.0