FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-amf -- input sanitization errors

Affected packages
py27-amf < 0.8.0
py32-amf < 0.8.0
py33-amf < 0.8.0
py34-amf < 0.8.0


VuXML ID 1fbd6db1-a4e4-11e5-b864-14dae9d210b8
Discovery 2015-12-01
Entry 2015-12-17

oCERT reports:

A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges.


CVE Name CVE-2015-8549