{"id":"DEBIAN-CVE-2019-20007","details":"An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).","modified":"2026-03-11T07:30:30.545578Z","published":"2019-12-26T22:15:10.920Z","upstream":["CVE-2019-20007"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2019-20007"}],"affected":[{"package":{"name":"mapcache","ecosystem":"Debian:11","purl":"pkg:deb/debian/mapcache?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.0-2","1.12.0-1","1.12.0-1~bpo11+1","1.12.0~rc1-1~exp1","1.12.1-1","1.12.1-1~bpo11+1","1.14.0-1","1.14.0-1~bpo11+1","1.14.0-2","1.14.0-2.1~exp1","1.14.0-3","1.14.0-3~exp1","1.14.0-3~exp2","1.14.0-4","1.14.1-1","1.14.1-1~bpo12+1","1.14.1-2","1.14.1-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Debian:12","purl":"pkg:deb/debian/mapcache?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.0-1","1.14.0-2","1.14.0-2.1~exp1","1.14.0-3","1.14.0-3~exp1","1.14.0-3~exp2","1.14.0-4","1.14.1-1","1.14.1-1~bpo12+1","1.14.1-2","1.14.1-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Debian:13","purl":"pkg:deb/debian/mapcache?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Debian:14","purl":"pkg:deb/debian/mapcache?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-3"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Debian:11","purl":"pkg:deb/debian/netcdf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.10.0-1","1:4.10.0-1~exp1","1:4.7.4-1","1:4.8.0-1~exp1","1:4.8.1-1","1:4.8.1-1~exp1","1:4.9.0-1","1:4.9.0-2","1:4.9.0-3","1:4.9.1-1~exp1","1:4.9.1~rc1-1~exp1","1:4.9.1~rc2-1~exp1","1:4.9.2-1","1:4.9.2-1~exp1","1:4.9.2-2","1:4.9.2-3","1:4.9.2-3.1~exp1","1:4.9.2-4","1:4.9.2-4~exp1","1:4.9.2-5","1:4.9.2-6","1:4.9.2-7","1:4.9.3-1","1:4.9.3-1~exp1","1:4.9.3-1~exp2","1:4.9.3~rc1-1~exp1","1:4.9.3~rc2-1~exp1"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Debian:12","purl":"pkg:deb/debian/netcdf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Debian:13","purl":"pkg:deb/debian/netcdf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Debian:14","purl":"pkg:deb/debian/netcdf?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Debian:11","purl":"pkg:deb/debian/netcdf-parallel?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1","1:4.8.1-1","1:4.8.1-2","1:4.9.0-1","1:4.9.0-3","1:4.9.0-4","1:4.9.0-5","1:4.9.0-6","1:4.9.3-1","1:4.9.3-2"],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Debian:12","purl":"pkg:deb/debian/netcdf-parallel?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Debian:13","purl":"pkg:deb/debian/netcdf-parallel?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Debian:14","purl":"pkg:deb/debian/netcdf-parallel?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.9.0-1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Debian:11","purl":"pkg:deb/debian/scilab?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.0.0+dfsg-1","2024.0.0+dfsg-2","2024.0.0+dfsg-3","2024.0.0+dfsg-4","2024.0.0+dfsg-5","2024.0.0+dfsg-6","2024.1.0+dfsg-1","2024.1.0+dfsg-2","2024.1.0+dfsg-3","2024.1.0+dfsg-4","2024.1.0+dfsg-5","2024.1.0+dfsg-6","2024.1.0+dfsg-7","2024.1.0+dfsg-8","2024.1.0+dfsg1-1","6.1.0+dfsg1-7","6.1.1+dfsg2-1","6.1.1+dfsg2-10","6.1.1+dfsg2-2","6.1.1+dfsg2-3","6.1.1+dfsg2-4","6.1.1+dfsg2-4+0.riscv64.1","6.1.1+dfsg2-5","6.1.1+dfsg2-6","6.1.1+dfsg2-6~exp0","6.1.1+dfsg2-6~exp1","6.1.1+dfsg2-7","6.1.1+dfsg2-7~exp0","6.1.1+dfsg2-8","6.1.1+dfsg2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Debian:12","purl":"pkg:deb/debian/scilab?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.0.0+dfsg-1","2024.0.0+dfsg-2","2024.0.0+dfsg-3","2024.0.0+dfsg-4","2024.0.0+dfsg-5","2024.0.0+dfsg-6","2024.1.0+dfsg-1","2024.1.0+dfsg-2","2024.1.0+dfsg-3","2024.1.0+dfsg-4","2024.1.0+dfsg-5","2024.1.0+dfsg-6","2024.1.0+dfsg-7","2024.1.0+dfsg-8","2024.1.0+dfsg1-1","6.1.1+dfsg2-10","6.1.1+dfsg2-6","6.1.1+dfsg2-7","6.1.1+dfsg2-7~exp0","6.1.1+dfsg2-8","6.1.1+dfsg2-9"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Debian:13","purl":"pkg:deb/debian/scilab?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.1.0+dfsg-6","2024.1.0+dfsg-6+deb13u1","2024.1.0+dfsg-7","2024.1.0+dfsg-8","2024.1.0+dfsg1-1"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Debian:14","purl":"pkg:deb/debian/scilab?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2024.1.0+dfsg1-1"}]}],"versions":["2024.1.0+dfsg-6","2024.1.0+dfsg-7","2024.1.0+dfsg-8"],"ecosystem_specific":{"urgency":"unimportant"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2019-20007.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}