A vulnerability in the xz_head() function of the GNOME libxml2 library could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability is in the xz_head() function, defined in the xzlib.c source file of the affected software, and is due to a memory consumption condition that could occur in the Lempel-Ziv-Markov (LZMA) decompression feature. An attacker could exploit this vulnerability by persuading a user to open a crafted LZMA file, which submits malicious input to the targeted system. A successful exploit could trigger a memory consumption condition, resulting in a DoS condition.
The GNOME Project has confirmed the vulnerability and released a patch.
Security Impact Rating: Medium
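
The following is an added example, not code from this advisory, from libxml2, or from the GNOME patch. It shows a general mitigation for memory consumption during LZMA decompression: giving the decoder an explicit memory budget and output cap, using Python's standard `lzma` module (a liblzma wrapper). The limits, function names and sample streams are assumptions constructed for illustration; the inflated sample relies on the fact that an LZMA decoder sizes its dictionary from the value declared in the stream header.

```python
import lzma
import struct

MEM_LIMIT = 32 * 1024 * 1024   # assumed decoder memory budget, in bytes
MAX_OUTPUT = 8 * 1024 * 1024   # assumed cap on decompressed size, in bytes


def safe_decompress(blob, memlimit=MEM_LIMIT, max_output=MAX_OUTPUT):
    """Decompress .xz/.lzma data under a hard memory and output budget.

    Returns (data, None) on success or (None, reason) when rejected.
    """
    decoder = lzma.LZMADecompressor(format=lzma.FORMAT_AUTO, memlimit=memlimit)
    try:
        out = decoder.decompress(blob, max_length=max_output)
    except lzma.LZMAError as exc:
        # Raised when the stream needs more memory than memlimit, or is corrupt.
        return None, f"rejected by decoder: {exc}"
    if not decoder.eof:
        return None, "output exceeds max_output or stream is truncated"
    return out, None


def declared_dict_size(blob):
    """Dictionary size from a legacy .lzma header (bytes 1..4, little-endian)."""
    return struct.unpack_from("<I", blob, 1)[0]


def build_samples():
    """Constructed inputs: a benign .lzma stream, and a copy whose header
    declares a 1 GiB dictionary while the compressed payload is unchanged."""
    benign = lzma.compress(b"libxml2 test document\n" * 64,
                           format=lzma.FORMAT_ALONE)
    inflated = benign[:1] + struct.pack("<I", 1 << 30) + benign[5:]
    return benign, inflated


if __name__ == "__main__":
    for name, blob in zip(("benign", "inflated"), build_samples()):
        data, reason = safe_decompress(blob)
        print(name, declared_dict_size(blob), len(data) if data else reason)
```

The decoder refuses the inflated stream before allocating the dictionary, so the rejection itself stays cheap.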