CVE-2019-19956
Published: 24 December 2019
xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
Notes
| Author | Note |
|---|---|
| ccdm94 | the fix for this issue, made available with commit 5a02583c, was reverted in version 2.9.11 with commit a0a8059b, since it seems like the fix introduced various memory issues in libxml2. More information regarding this choice made by upstream can be seen at: https://gitlab.gnome.org/GNOME/libxml2/-/issues/161 |
Priority
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
libxml2 Launchpad, Ubuntu, Debian |
bionic |
Released
(2.9.4+dfsg1-6.1ubuntu1.3)
|
| disco |
Ignored
(reached end-of-life)
|
|
| eoan |
Released
(2.9.4+dfsg1-7ubuntu3.1)
|
|
| focal |
Released
(2.9.10+dfsg-1ubuntu2)
|
|
| precise |
Released
(2.7.8.dfsg-5.1ubuntu4.22)
|
|
| trusty |
Released
(2.9.1+dfsg1-3ubuntu4.13+esm1)
|
|
| upstream |
Released
(2.9.10)
|
|
| xenial |
Released
(2.9.3+dfsg1-1ubuntu0.7)
|
|
|
Patches: upstream: https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 |
||