Your submission was sent successfully! Close

CVE-2017-18258

Published: 8 April 2018

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian 		artful Ignored
(reached end-of-life)
bionic
Released (2.9.4+dfsg1-6.1ubuntu1.2)
precise Not vulnerable
(code not present)
trusty
Released (2.9.1+dfsg1-3ubuntu4.13)
upstream Needs triage

xenial
Released (2.9.3+dfsg1-1ubuntu0.6)

Notes

AuthorNote
leosilva 
precise/esm hasn't support for LZMA

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading