CVE-2018-9251

Published: Apr 4, 2018Modified: Jun 17, 2026

5.3

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.6 / Impact: 3.6

Source: NVD

Description

The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.

Affected (2)

Products: Xmlsoft: Libxml2 · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xmlsoft Libxml2	Version 2.9.8

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (4)

https://bugzilla.gnome.org/show_bug.cgi?id=794914

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

Source: cve@mitre.org

Third Party Advisory

https://bugzilla.gnome.org/show_bug.cgi?id=794914

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.