{
  "threat_severity" : "Low",
  "public_date" : "2015-04-14T00:00:00Z",
  "bugzilla" : {
    "description" : "libxml2: denial of service processing a crafted XML document",
    "id" : "1211278",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1211278"
  },
  "cvss" : {
    "cvss_base_score" : "2.6",
    "cvss_scoring_vector" : "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "status" : "verified"
  },
  "details" : [ "The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.", "A denial of service flaw was found in the way the libxml2 library parsed certain XML files. An attacker could provide a specially crafted XML file that, when parsed by an application using libxml2, could cause that application to use an excessive amount of memory." ],
  "statement" : "Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw in libxml2.",
  "acknowledgement" : "This issue was discovered by Florian Weimer (Red Hat Product Security).",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-07-20T00:00:00Z",
    "advisory" : "RHSA-2015:1419",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "libxml2-0:2.7.6-20.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-12-07T00:00:00Z",
    "advisory" : "RHSA-2015:2550",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libxml2-0:2.9.1-6.el7_2.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Will not fix",
    "package_name" : "libxml2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-1819\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1819" ],
  "name" : "CVE-2015-1819",
  "csaw" : false
}