View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2019-20006 severity moderate: SUSE including 249 source package names (libnetcdf-gnu-hpc, libnetcdf-gnu-hpc-4.6.1-10.7.2, …), 642 product×package rows across 25 product lines (SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS, SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS, … (25 product lines)): Fixed 575, Known Not Affected 67.
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.