FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libxml -- multiple vulnerabilities

Affected packages
libxml2 < 2.9.10_1

Details

VuXML ID f5abafc0-fcf6-11ea-8758-e0d55e2a8bf9
Discovery 2020-01-21
Entry 2020-09-22

CVE mitre reports:

CVE-2019-20388

xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak.

CVE-2020-7595

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.

CVE-2020-24977

GNOME project libxml2 v2.9.10 and earlier have a global buffer over-read vulnerability in xmlEncodeEntitiesInternal.

References

URL https://nvd.nist.gov/vuln/detail/CVE-2019-20388
URL https://nvd.nist.gov/vuln/detail/CVE-2020-24977
URL https://nvd.nist.gov/vuln/detail/CVE-2020-7595