CVE-2019-20006: Use After Free
First published: Thu Dec 26 2019(Updated: )
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ezxml Project Ezxml | >=0.8.3<=0.8.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-20006.
What is the severity of CVE-2019-20006?
CVE-2019-20006 has a severity rating of high, with a value of 7.5.
Which software versions are affected by CVE-2019-20006?
Versions 0.8.3 through 0.8.6 of ezXML are affected by CVE-2019-20006.
What is the Common Weakness Enumeration (CWE) ID for this vulnerability?
The CWE ID for CVE-2019-20006 is 416.
How can I fix CVE-2019-20006?
To fix CVE-2019-20006, it is recommended to update to a version of ezXML that is not affected by the vulnerability.
- collector/nvd-index
- vendor/ezxml project
- canonical/ezxml project ezxml
- version/ezxml project ezxml/0.8.3
- version/ezxml project ezxml/0.8.6