VYPR
Medium severity6.5NVD Advisory· Published Apr 8, 2018· Updated Jun 17, 2026

CVE-2017-18258

CVE-2017-18258

Description

The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
nokogiriRubyGems
< 1.8.21.8.2

Affected products

8

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.