Main Vulnerability Database Vulnerabilities #VU14470

Infinite loop in Libxml2 - CVE-2018-14567

Published: August 20, 2018 / Updated: August 21, 2018

Vulnerability identifier: #VU14470

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-14567

CWE-ID: CWE-611

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
Libxml2

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the liblzma error code of the GNOME libxml2 library due to an infinite loop condition in the Lempel–Ziv–Markov (LZMA) decompression feature during the processing of XML files. A remote attacker can trick the victim into opening an XML file that submits malicious input, trigger a LZMA_MEMLIMIT_ERROR condition and cause the service to crash.

How to mitigate CVE-2018-14567

Install update from vendor's website.

Sources

https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74

Infinite loop in Libxml2 - CVE-2018-14567

Detailed vulnerability description

How to mitigate CVE-2018-14567

Sources

Please verify you're human