Your submission was sent successfully! Close

CVE-2018-9251

Published: 4 April 2018

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Notes

AuthorNote
leosilva
it's only affect if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
was applied, and it's not the case.
Priority

Medium

CVSS 3 base score: 5.3

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian
artful Not vulnerable

precise Not vulnerable

trusty Not vulnerable

upstream Needs triage

xenial Not vulnerable