A vulnerability in the xz_decomp() function of the GNOME libxml2 library could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists in the xz_decomp() function, as defined in the xzlib.c source code of the affected software, and is due to an infinite loop condition that could occur in the Lempel-Ziv-Markov (LZMA) decompression feature during the processing of XML files. An attacker could exploit this vulnerability by persuading a user to open a crafted XML file that submits malicious input to the targeted system. A successful exploit could trigger an LZMA_MEMLIMIT_ERROR condition, resulting in a DoS condition.
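The failure mode described above, as an added simplified model (not code from libxml2's xzlib.c or from the GNOME patch): a decode loop that treats only some error statuses as fatal keeps iterating when the decoder returns one it does not list. All names here are hypothetical, and the assumption that the memory-limit status is the unlisted one is an inference from the description, not a statement about the actual source.

```c
#include <stdio.h>
/* Constructed status codes standing in for a streaming decoder's results. */
enum status { ST_OK, ST_STREAM_END, ST_DATA_ERROR, ST_MEMLIMIT_ERROR };
struct stream { long avail_in, avail_out; enum status fail_with; };
#define SPIN_CAP 1000000L /* demo guard: lets the loose loop terminate */

/* Hypothetical decoder stub: once it fails it makes no progress and keeps
 * returning the same status, as a decoder stuck on a memory limit would. */
static enum status decode_step(struct stream *s) {
    if (s->fail_with != ST_OK) return s->fail_with;
    if (s->avail_in == 0) return ST_STREAM_END;
    s->avail_in--; s->avail_out--;
    return ST_OK;
}

/* Loose loop: only the statuses it names are fatal, so an unlisted error
 * leaves the exit condition unchanged. Returns iterations, or -1 on error. */
long decomp_loose(struct stream *s) {
    long n = 0;
    enum status ret;
    do {
        ret = decode_step(s);
        if (ret == ST_DATA_ERROR) return -1;
        if (++n >= SPIN_CAP) return n; /* without the cap this never returns */
    } while (s->avail_out && ret != ST_STREAM_END);
    return n;
}

/* Strict loop: any status other than OK or STREAM_END ends decoding. */
long decomp_strict(struct stream *s) {
    long n = 0;
    enum status ret;
    do {
        ret = decode_step(s);
        if (ret != ST_OK && ret != ST_STREAM_END) return -1;
        n++;
    } while (s->avail_out && ret != ST_STREAM_END);
    return n;
}

/* Runs one loop over a constructed 8-unit stream that fails with fail_with. */
long run(int strict, enum status fail_with) {
    struct stream s = { 8, 64, fail_with };
    return strict ? decomp_strict(&s) : decomp_loose(&s);
}

int main(void) {
    printf("loose=%ld strict=%ld\n", run(0, ST_MEMLIMIT_ERROR), run(1, ST_MEMLIMIT_ERROR));
    return 0;
}
```

The loose loop only stops at the demo cap when the stub reports the memory-limit status, while the strict loop returns an error on the first iteration; both behave identically on a clean stream.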
The GNOME Project has confirmed the vulnerability and released a patch.
Security Impact Rating: Medium