CVE-2018-9251: Loop with Unreachable Exit Condition ('Infinite Loop')
(updated )
The xz_decomp function in xzlib.c in libxml2, if –with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.
References
Detect and mitigate CVE-2018-9251 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →