CVE-2019-20005
26.12.2019, 22:15
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).Enginsight
| Vendor | Product | Version |
|---|---|---|
| ezxml_project | ezxml | 0.8.3 ≤ 𝑥 ≤ 0.8.6 |
𝑥
= Vulnerable software versions
Debian Releases
Debian Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| mapcache |
| ||||||||||||
| netcdf |
| ||||||||||||
| netcdf-parallel |
| ||||||||||||
| scilab |
|
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| mapcache |
| ||||||||||||||||||||||||
| netcdf |
| ||||||||||||||||||||||||
| netcdf-parallel |
| ||||||||||||||||||||||||
| scilab |
|
Common Weakness Enumeration