Memory Leak Vulnerability in libxml2 Affects Multiple Distributions
CVE-2019-19956

7.5HIGH

Key Information:

Vendor

Xmlsoft

Status
Libxml2
Vendor
CVE Published:
24 December 2019

What is CVE-2019-19956?

The memory leak vulnerability in libxml2 can lead to inefficient memory usage in applications relying on this XML parsing library. The issue originates from the xmlParseBalancedChunkMemoryRecover function in the parser.c file, where a leak associated with old namespace memory occurs. This flaw can affect a range of software relying on libxml2 across various platforms such as Debian, Ubuntu, Fedora, and openSUSE, increasing the risk of performance degradation and unexpected behavior in applications using this library.

References

https://lists.debian.org/debian-lts-announce/2019/12/msg0...
mailing-listx_refsource_MLIST
https://usn.ubuntu.com/4274-1/
vendor-advisoryx_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.