CVSSv3: 6.5

CVE-2017-18258

Published: 08/04/2018 Updated: 10/09/2020
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 384
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The xz_head function in xzlib.c in libxml2 prior to 2.9.6 allows remote malicious users to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.


xmlsoft libxml2

Vendor Advisories

Debian Bug report logs - #895245 libxml2: CVE-2017-18258: Set memory limit for LZMA decompression. Package: src:libxml2; Maintainer for src:libxml2 is Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sun, 8 Apr 2018 19:21:02 UTC; Severity ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available. Red Hat Product Security has rated this release ...
Synopsis: Moderate: libxml2 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for libxml2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Several security issues were fixed in libxml2 ...
A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash ...
A security issue has been found in libxml2 <= 2.9.6 compiled with LZMA support enabled, in the xz_head function in xzlib.c. This flaw allows a remote attacker to cause a denial of service via unbounded memory consumption, using a crafted XML payload ...