Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2019-19956

Published: 24 December 2019

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

Notes

AuthorNote
ccdm94
the fix for this issue, made available with commit 5a02583c,
was reverted in version 2.9.11 with commit a0a8059b, since
it seems like the fix introduced various memory issues in
libxml2. More information regarding this choice made by
upstream can be seen at:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/161

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status
libxml2
Launchpad, Ubuntu, Debian
bionic
Released (2.9.4+dfsg1-6.1ubuntu1.3)
disco Ignored
(reached end-of-life)
eoan
Released (2.9.4+dfsg1-7ubuntu3.1)
focal
Released (2.9.10+dfsg-1ubuntu2)
precise
Released (2.7.8.dfsg-5.1ubuntu4.22)
trusty
Released (2.9.1+dfsg1-3ubuntu4.13+esm1)
upstream
Released (2.9.10)
xenial
Released (2.9.3+dfsg1-1ubuntu0.7)
Patches:
upstream: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549