CVE-2015-8806: Uncontrolled Resource Consumption

April 13, 2016 (updated September 11, 2020)

dict.c in libxml2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via an unexpected character immediately after the “<!DOCTYPE html” substring in a crafted HTML document.

References

nvd.nist.gov/vuln/detail/CVE-2015-8806

Code Behaviors & Features

Detect and mitigate CVE-2015-8806 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →