The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
Information
Published : 2018-04-08 17:29
Updated : 2024-02-04 19:46
NVD link : CVE-2017-18258
Mitre link : CVE-2017-18258
CVE.ORG link : CVE-2017-18258
Products Affected
xmlsoft
- libxml2
CWE
CWE-770
Allocation of Resources Without Limits or Throttling