system/libxml2: multiple vulnerabilities
Bugzilla ID | 234 |
Alias(es) | CVE-2019-20388, CVE-2020-7595 |
Reporter | Max Rees (sroracle) |
Assignee | Max Rees (sroracle) |
Reported | 2020-02-24 23:01:52 -0600 |
Modified | 2020-03-09 21:56:00 -0500 |
Status | RESOLVED FIXED |
Version | 1.0-RC1 |
Hardware | Adélie Linux / All |
Importance | --- / normal |
Description
CVE-2019-20388: https://nvd.nist.gov/vuln/detail/CVE-2019-20388
xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
xmlSchemaValidateStream memory leak.
CVE-2020-7595: https://nvd.nist.gov/vuln/detail/CVE-2020-7595
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
infinite loop in a certain end-of-file situation.