Search for vulnerabilities
Vulnerability details: VCID-kt4k-xgcs-zkge
Vulnerability ID VCID-kt4k-xgcs-zkge
Aliases CVE-2018-14567
Summary libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251.
Status Published
Exploitability 0.5
Weighted Severity 5.9
Risk 3.0
Affected and Fixed Packages Package Details
Weaknesses (4)
System Score Found at
cvssv3 4.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
epss 0.00313 https://api.first.org/data/v1/epss?cve=CVE-2018-14567
cvssv3 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2018-14567
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-14567
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json
https://api.first.org/data/v1/epss?cve=CVE-2018-14567
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
http://www.securityfocus.com/bid/105198
1619875 https://bugzilla.redhat.com/show_bug.cgi?id=1619875
cpe:2.3:a:xmlsoft:libxml2:2.9.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:xmlsoft:libxml2:2.9.8:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2018-14567 https://nvd.nist.gov/vuln/detail/CVE-2018-14567
RHSA-2020:1190 https://access.redhat.com/errata/RHSA-2020:1190
USN-3739-1 https://usn.ubuntu.com/3739-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14567.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14567
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-14567
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)
Percentile 0.53894
EPSS Score 0.00313
Published At Aug. 6, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:34:19.519401+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.13/main.json 37.0.0