It is possible to trigger a stack overflow using a carefully crafted invalid xml file, the stack overflow occurs before libxml2 determines the xml file is invalid. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=765207
Created attachment 1153279 [details] proposed patch
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1332831]
Created mingw-libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1332832] Affects: epel-7 [bug 1332833]
Public via: http://seclists.org/fulldisclosure/2016/May/10
Upstream commit for this issue : https://git.gnome.org/browse/libxml2/commit/?h=CVE-2016-3705&id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1292 https://access.redhat.com/errata/RHSA-2016:1292
This issue has been addressed in the following products: Via RHSA-2016:2957 https://rhn.redhat.com/errata/RHSA-2016-2957.html