View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2018-9251 severity low: SUSE including 437 source package names (0.1.0:libxml2-2-2.9.7-3.3.1, 0.1.75:libxml2-2-2.9.7-3.3.1, …), 642 product×package rows across 237 product lines (Container bci/bci-init, Container bci/dotnet-aspnet, … (237 product lines)): Fixed 471, Known Affected 157, Known Not Affected 14.
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035.