First published: Tue Dec 31 2019
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Ezxml Project Ezxml | >=0.8.3 <=0.8.6 | |
CVE-2019-20201 is a vulnerability in ezXML versions 0.8.3 through 0.8.6 in which the ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
ezXML (Ezxml Project) versions 0.8.3 through 0.8.6 are affected by CVE-2019-20201.
The severity of CVE-2019-20201 is medium with a severity value of 6.5.
To fix CVE-2019-20201, update your ezXML software to a version higher than 0.8.6.
You can find more information about CVE-2019-20201 at the following link: https://sourceforge.net/p/ezxml/bugs/16/