QwikSec

Security Database

CVE

CWE

Training

CVE-2017-18258

Published: Apr 8, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[debian-lts-announce] 20180927 [SECURITY] [DLA 1524-1] libxml2 security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb

x_refsource_MISC

https://kc.mcafee.com/corporate/index?page=content&id=SB10284

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20190719-0001/

x_refsource_CONFIRM

[debian-lts-announce] 20200909 [SECURITY] [DLA 2369-1] libxml2 security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.