Vulnerability details: VCID-qzdv-5fc6-vbea
Vulnerability ID VCID-qzdv-5fc6-vbea
Aliases CVE-2015-7499
GHSA-jxjr-5h69-qw3w
Summary Nokogiri gem contains a heap-based buffer overflow vulnerability in libxml2.
Nokogiri version 1.6.7.2 has been released, pulling in several upstream patches to the vendored libxml2 to address the following CVE:
CVE-2015-7499, CVSS v2 Base Score: 5.0 (MEDIUM).
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
libxml2 could be made to crash if it opened a specially crafted file. It was discovered that libxml2 incorrectly handled certain malformed documents. If a user or automated system were tricked into opening a specially crafted document, an attacker could possibly cause libxml2 to crash, resulting in a denial of service.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (4)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-2549.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-2550.html
epss 0.01538 https://api.first.org/data/v1/epss?cve=CVE-2015-7499
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1281925
generic_textual MODERATE https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
generic_textual MODERATE https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-jxjr-5h69-qw3w
generic_textual MODERATE https://github.com/advisories/GHSA-jxjr-5h69-qw3w
generic_textual MODERATE https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
generic_textual MODERATE https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-7499
generic_textual MODERATE https://security.gentoo.org/glsa/201701-37
generic_textual MODERATE https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
generic_textual MODERATE https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
generic_textual MODERATE http://www.debian.org/security/2015/dsa-3430
generic_textual MODERATE http://www.ubuntu.com/usn/USN-2834-1
generic_textual MODERATE http://xmlsoft.org/news.html
Reference id Reference type URL
http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html
http://lists.opensuse.org/opensuse-updates/2016-01/msg00031.html
http://rhn.redhat.com/errata/RHSA-2015-2549.html
http://rhn.redhat.com/errata/RHSA-2015-2550.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7499.json
https://api.first.org/data/v1/epss?cve=CVE-2015-7499
https://bugzilla.redhat.com/show_bug.cgi?id=1281925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5312
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7497
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7498
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7499
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7500
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8241
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8710
https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc
https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da
https://github.com/advisories/GHSA-jxjr-5h69-qw3w
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml
https://groups.google.com/forum/#!topic/ruby-security-ann/Dy7YiKb_pMM
https://nvd.nist.gov/vuln/detail/CVE-2015-7499
https://security.gentoo.org/glsa/201701-37
https://web.archive.org/web/20210724022841/http://www.securityfocus.com/bid/79509
https://web.archive.org/web/20211205133229/https://securitytracker.com/id/1034243
http://www.debian.org/security/2015/dsa-3430
http://www.ubuntu.com/usn/USN-2834-1
http://xmlsoft.org/news.html
RHSA-2015:2549 https://access.redhat.com/errata/RHSA-2015:2549
RHSA-2015:2550 https://access.redhat.com/errata/RHSA-2015:2550
RHSA-2016:1089 https://access.redhat.com/errata/RHSA-2016:1089
USN-2834-1 https://usn.ubuntu.com/2834-1/
USN-2875-1 https://usn.ubuntu.com/2875-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.80579
EPSS Score 0.01538
Published At Aug. 17, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:04:56.414632+00:00 Ruby Importer Import https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-7499.yml 37.0.0