First published: Tue Apr 03 2018
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libxml2 | <0:2.9.1-6.el7.4 | 0:2.9.1-6.el7.4 |
ubuntu/libxml2 | <2.9.1+dfsg1-3ubuntu4.13 | 2.9.1+dfsg1-3ubuntu4.13 |
ubuntu/libxml2 | <2.9.3+dfsg1-1ubuntu0.6 | 2.9.3+dfsg1-1ubuntu0.6 |
ubuntu/libxml2 | <2.9.4+dfsg1-6.1ubuntu1.2 | 2.9.4+dfsg1-6.1ubuntu1.2 |
ubuntu/libxml2 | <2.9.9 | 2.9.9 |
Xmlsoft Libxml2 | =2.9.8 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =8.0 | |
redhat/libxml2 | <2.9.7 | 2.9.7 |
debian/libxml2 | 2.9.4+dfsg1-7+deb10u4 2.9.4+dfsg1-7+deb10u6 2.9.10+dfsg-6.7+deb11u4 2.9.14+dfsg-1.3~deb12u1 2.9.14+dfsg-1.3 |
The vulnerability ID for this libxml2 issue is CVE-2018-14567.
The severity of CVE-2018-14567 is medium.
CVE-2018-14567 allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR.
To fix CVE-2018-14567, you should update the libxml2 package to version 2.9.9 or higher.
You can find more information about CVE-2018-14567 at the following references: [MITRE] [Ubuntu Security Notice] [NVD].