CVE-2017-18258

Published: 8 April 2018

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Priority

Low

CVSS 3 base score: 6.5

Status

Package: libxml2 (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Released (2.9.4+dfsg1-6.1ubuntu1.2)
precise    Not vulnerable (code not present)
trusty     Released (2.9.1+dfsg1-3ubuntu4.13)
upstream   Needs triage
xenial     Released (2.9.3+dfsg1-1ubuntu0.6)