GNOME libxml2 xz_decomp() Function Denial of Service Vulnerability

By GIXnews

A vulnerability in the xz_decomp() function of the GNOME libxml2 library could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the xz_decomp() function, as defined in the xzlib.c source code of the affected software, and is due to an infinite loop condition that could occur in the Lempel-Ziv-Markov chain algorithm (LZMA) decompression feature during the processing of XML files. An attacker could exploit this vulnerability by persuading a user to open a crafted XML file that submits malicious input to the targeted system. A successful exploit could trigger an LZMA_MEMLIMIT_ERROR condition, resulting in a DoS condition.
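The advisory ties the DoS to an infinite loop in LZMA decompression and an LZMA_MEMLIMIT_ERROR condition. As an added example, not taken from the advisory or from libxml2, the following Python decode loop for untrusted .xz input treats every decoder error (an exceeded memory limit included) as terminal and bounds both iterations and output. The function names, limits and sample data are assumptions made for illustration.

```python
import lzma

XZ_MAGIC = b"\xfd7zXZ\x00"  # six-byte magic that opens every .xz stream

class DecompressionRejected(Exception):
    """Input refused; the caller must not retry it."""

def bounded_xz_decompress(data, memlimit=32 << 20, max_output=8 << 20, chunk=4096):
    """Decompress .xz input under hard limits; other input is returned unchanged."""
    if not data.startswith(XZ_MAGIC):
        return data
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_XZ, memlimit=memlimit)
    out, pos = bytearray(), 0
    # Every pass feeds input or drains output, so this budget is an upper
    # bound on a well-behaved decode; exhausting it means no progress.
    budget = 2 * (len(data) // chunk + 1) + max_output // chunk + 2
    for _ in range(budget):
        piece = b""
        if dec.needs_input:
            if pos >= len(data):
                raise DecompressionRejected("stream ends before end-of-stream marker")
            piece = data[pos:pos + chunk]
            pos += len(piece)
        try:
            out += dec.decompress(piece, max_length=chunk)
        except lzma.LZMAError as exc:
            # Covers the memory-limit error: terminal, never looped on.
            raise DecompressionRejected(f"decoder error: {exc}") from exc
        if len(out) > max_output:
            raise DecompressionRejected("output exceeds max_output")
        if dec.eof:
            return bytes(out)
    raise DecompressionRejected("iteration budget exhausted")

def verdict(data, **limits):
    """Return 'ok' or the rejection reason, for logging."""
    try:
        bounded_xz_decompress(data, **limits)
        return "ok"
    except DecompressionRejected as exc:
        return str(exc)

# Constructed sample input (not from the advisory): benign XML, raw and .xz.
SAMPLE_XML = b"<doc>" + b"<item>constructed sample</item>" * 5000 + b"</doc>"
SAMPLE_XZ = lzma.compress(SAMPLE_XML, format=lzma.FORMAT_XZ, preset=0)

if __name__ == "__main__":
    for name, blob, limits in [("raw", SAMPLE_XML, {}), ("xz", SAMPLE_XZ, {}),
                               ("xz, tiny memlimit", SAMPLE_XZ, {"memlimit": 1024})]:
        print(name, "->", verdict(blob, **limits))
```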

The GNOME Project has confirmed the vulnerability and released a patch.

Security Impact Rating: Medium

CVE: CVE-2018-9251

Source: Cisco Multivendor Vulnerability Alerts