CVE-2017-18258
Published: 8 April 2018
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Priority
CVSS 3 base score: 6.5
Notes
| Author | Note |
|---|---|
| leosilva | precise/esm doesn't have support for LZMA |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
- https://ubuntu.com/security/notices/USN-3739-1
- NVD
- Launchpad
- Debian