Описание
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| mapcache | unfixed | package | ||
| scilab | fixed | 2024.1.0+dfsg1-1 | package | |
| netcdf | fixed | 1:4.9.0-1 | package | |
| netcdf | ignored | bullseye | package | |
| netcdf | ignored | buster | package | |
| netcdf | not-affected | stretch | package | |
| netcdf-parallel | fixed | 1:4.9.0-1 | package | |
| netcdf-parallel | ignored | bullseye | package | |
| netcdf-parallel | ignored | buster | package |
Примечания
https://sourceforge.net/p/ezxml/bugs/25
mapcache only uses ezxml to parse config files which are trusted
EPSS
Связанные уязвимости
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
Уязвимость функции ezxml_internal_dtd библиотеки для синтаксического анализа XML-документов ezXML, позволяющая нарушителю вызвать отказ в обслуживании
EPSS