The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8035