There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack.Referenceshttps://bugzilla.redhat.com/show_bug.cgi?id=1473167
