GNOME libxml2 xz_head() Function Denial of Service Vulnerability

By GIXnews

A vulnerability in the xz_head() function of the GNOME libxml2 library could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists in the xz_head() function, as defined in the xzlib.c source code of the affected software, and is due to a memory consumption condition that could occur in the Lempel-Ziv-Markov (LZMA) decompression feature. An attacker could exploit this vulnerability by persuading a user to open a crafted LZMA file that submits malicious input to the targeted system. A successful exploit could trigger a memory consumption condition, resulting in a DoS condition.

The GNOME Project has confirmed the vulnerability and released a patch.
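As a general safeguard for applications that decode untrusted LZMA input, the memory consumption condition described above can be bounded at the decoder. The following is an added example, not code from libxml2 or from this advisory: it uses Python's standard `lzma` module, and the limit values, `bounded_decompress`, `RejectedInput` and the sample inputs are assumptions constructed for illustration.

```python
import lzma

# Assumed limits for this example; tune them to the workload.
MEMLIMIT = 4 * 1024 * 1024     # ceiling on decoder memory (dictionary etc.)
MAX_OUTPUT = 1 * 1024 * 1024   # ceiling on total decompressed bytes
CHUNK = 64 * 1024              # output produced per decompress() call


class RejectedInput(Exception):
    """Raised when a stream is malformed or exceeds a configured limit."""


def bounded_decompress(blob, memlimit=MEMLIMIT, max_output=MAX_OUTPUT):
    # FORMAT_AUTO accepts both .xz and legacy .lzma containers.
    dec = lzma.LZMADecompressor(format=lzma.FORMAT_AUTO, memlimit=memlimit)
    out = bytearray()
    data = blob
    try:
        while not dec.eof:
            chunk = dec.decompress(data, max_length=CHUNK)
            data = b""  # remaining input is buffered inside the decoder
            out += chunk
            if len(out) > max_output:
                raise RejectedInput("decompressed size exceeds limit")
            if not chunk and dec.needs_input:
                raise RejectedInput("truncated stream")
    except lzma.LZMAError as exc:
        # Includes liblzma's memory-limit error.
        raise RejectedInput(str(exc)) from exc
    return bytes(out)


def constructed_samples():
    """Constructed inputs: normal, large-dictionary, and highly compressible."""
    big_dict = [{"id": lzma.FILTER_LZMA2, "preset": 0, "dict_size": 8 << 20}]
    return {
        "normal": lzma.compress(b"<doc>hello</doc>" * 100, preset=0),
        "large_dictionary": lzma.compress(b"<doc/>", filters=big_dict),
        "large_output": lzma.compress(b"\0" * (2 * MAX_OUTPUT), preset=0),
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        try:
            print(name, "accepted:", len(bounded_decompress(blob)), "bytes")
        except RejectedInput as exc:
            print(name, "rejected:", exc)
```

The decoder memory limit and the output cap are independent checks: the first rejects a stream whose headers declare a dictionary larger than the limit, the second stops a small stream that expands to a very large output.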

Security Impact Rating: Medium

CVE: CVE-2017-18258

Source: Cisco Multivendor Vulnerability Alerts