First published: Tue Apr 03 2018
A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than [CVE-2015-8035](https://access.redhat.com/security/cve/CVE-2015-8035). Reference: [https://bugzilla.gnome.org/show_bug.cgi?id=794914](https://bugzilla.gnome.org/show_bug.cgi?id=794914)
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/libxml2 | <2.9.9 | 2.9.9 |
redhat/libxml2 | <0:2.9.7-7.el8 | 0:2.9.7-7.el8 |
Xmlsoft Libxml2 | =2.9.8 | |
Debian Debian Linux | =8.0 | |
CVE-2018-9251 is a vulnerability in libxml2 2.9.8 that allows remote attackers to cause a denial of service via a crafted XML file.
CVE-2018-9251 affects libxml2 version 2.9.8.
The severity of CVE-2018-9251 is medium with a severity value of 5.3.
To fix CVE-2018-9251, update libxml2 to version 2.9.9.
You can find more information about CVE-2018-9251 at the following references: [Link 1](https://access.redhat.com/security/cve/CVE-2015-8035), [Link 2](https://bugzilla.gnome.org/show_bug.cgi?id=794914), [Link 3](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1565320).