suse · CVE-2019-20005

Quick triage

Priority: medium Published: 2021-10-21 01:28:21 UTC Updated: 2025-11-05 02:52:46 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-20005 severity moderate: SUSE including 249 source package names (libnetcdf-gnu-hpc, libnetcdf-gnu-hpc-4.6.1-10.7.2, …), 642 product×package rows across 25 product lines (SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, … (25 product lines)): Fixed 575, Known Not Affected 67.

Description:

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).

cvelogic Threat Intelligence