VDB
GCVE-VVD-MAGEIA-2019-47
GCVE-VVD-MAGEIA-2019-47
Advisory Published
A flaw was found in libxml2 2.9.8. The xz_decomp function in xzlib.c, if
--with-lzma is used, allows remote attackers to cause a denial of service
(infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR,
as demonstrated by xmllint (CVE-2018-9251, CVE-2018-14567).
A null pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid
XPath expression. Applications processing untrusted XSL format inputs
with the use of libxml2 library may be vulnerable to denial of service
attack due to crash of the application (CVE-2018-14404).
The libxml2 package has been updated to version 2.9.9 to fix these
issues and other bugs.
The perl-XML-LibXML package has been rebuilt against the updated libxml2.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | kernel-linus | 0 (affected), 4.14.131-1.mga6 (unaffected) | — |
| Mageia | libxml2 | 0 (affected), 2.9.9-1.mga6 (unaffected), 0 (affected), 2.9.9-1.mga6 (unaffected) | — |
| Mageia | perl-XML-LibXML | 0 (affected), 2.13.200-1.1.mga6 (unaffected), 0 (affected), 2.13.200-1.1.mga6 (unaffected) | — |
References
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.