CVE-2018-14567

Name
CVE-2018-14567
Description
libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Third Party Advisory https://usn.ubuntu.com/3739-1/
Patch https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
Third Party Advisory http://www.securityfocus.com/bid/105198
Third Party Advisory https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
MLIST https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:xmlsoft:libxml2:2.9.8:*:*:*:*:*:*:* libxml2 == None == 2.9.8

Vulnerable and fixed packages

Source package Branch Version Maintainer Status