logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2018-14567

Description

libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. #### Bugs * <https://gitlab.gnome.org/GNOME/libxml2/issues/13> #### Notes Author| Note ---|--- [leosilva](<https://launchpad.net/~leosilva>) | precise/esm version has not LZMA support [ccdm94](<https://launchpad.net/~ccdm94>) | the same patch used to fix this vulnerability can also be used to fix CVE-2018-9251 (even though they are different CVEs).


Affected Package


OS OS Version Package Name Package Version
ubuntu 14.04 libxml2 2.9.1+dfsg1-3ubuntu4.13
ubuntu upstream libxml2 2.9.9
ubuntu 16.04 libxml2 2.9.3+dfsg1-1ubuntu0.6

Related