CVE-2018-14567: Loop with Unreachable Exit Condition ('Infinite Loop')

August 16, 2018 (updated September 10, 2020)

libxml2, if –with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.

References

nvd.nist.gov/vuln/detail/CVE-2018-14567

Detect and mitigate CVE-2018-14567 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →