{"id":"UBUNTU-CVE-2019-20006","details":"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml-\u003etxt. This is later deallocated (using free), leading to a segmentation fault.","modified":"2026-01-20T17:08:52.158535Z","published":"2019-12-26T22:15:00Z","upstream":["CVE-2019-20006"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20006"},{"type":"REPORT","url":"https://sourceforge.net/p/ezxml/bugs/15/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-20006"}],"affected":[{"package":{"name":"mapcache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.4.0-4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.4.0-3","1.4.0-4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.4.0-4","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.4.0-4","binary_name":"libmapcache1"},{"binary_version":"1.4.0-4","binary_name":"libmapcache1-dev"},{"binary_version":"1.4.0-4","binary_name":"mapcache-cgi"},{"binary_version":"1.4.0-4","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/scilab@5.5.2-2ubuntu3+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-1ubuntu1","5.5.2-2ubuntu1","5.5.2-2ubuntu2","5.5.2-2ubuntu3","5.5.2-2ubuntu3+esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-cli"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-data"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-doc-fr"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-doc-ja"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-doc-pt-br"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-full-bin"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-include"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-minimal-bin"},{"binary_version":"5.5.2-2ubuntu3+esm1","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.6.1-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.0-2","1.6.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.6.1-1","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.6.1-1","binary_name":"libmapcache1"},{"binary_version":"1.6.1-1","binary_name":"libmapcache1-dev"},{"binary_version":"1.6.1-1","binary_name":"mapcache-cgi"},{"binary_version":"1.6.1-1","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.0.1-7ubuntu1~18.04.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-4ubuntu2","5.5.2-6","6.0.0-1","6.0.1-1ubuntu1","6.0.1-7ubuntu1~18.04","6.0.1-7ubuntu1~18.04.1","6.0.1-7ubuntu1~18.04.2"],"ecosystem_specific":{"binaries":[{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-cli"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-data"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-doc-fr"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-doc-ja"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-doc-pt-br"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-full-bin"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-include"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-minimal-bin"},{"binary_version":"6.0.1-7ubuntu1~18.04.2","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.10.0-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0-1","1.8.0-1build2","1.10.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.10.0-1","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.10.0-1","binary_name":"libmapcache1"},{"binary_version":"1.10.0-1","binary_name":"libmapcache1-dev"},{"binary_version":"1.10.0-1","binary_name":"mapcache-cgi"},{"binary_version":"1.10.0-1","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf@1:4.7.3-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1build1","1:4.7.3-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:4.7.3-1","binary_name":"libnetcdf-dev"},{"binary_version":"1:4.7.3-1","binary_name":"libnetcdf15"},{"binary_version":"1:4.7.3-1","binary_name":"netcdf-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.6.2-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:4.6.2-1","binary_name":"libnetcdf-mpi-13"},{"binary_version":"1:4.6.2-1","binary_name":"libnetcdf-mpi-dev"},{"binary_version":"1:4.6.2-1","binary_name":"libnetcdf-pnetcdf-13"},{"binary_version":"1:4.6.2-1","binary_name":"libnetcdf-pnetcdf-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.1.0+dfsg1-1ubuntu3.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.2-0ubuntu2","6.0.2-0ubuntu3","6.0.2-1fakesync5","6.1.0+dfsg1-1ubuntu3","6.1.0+dfsg1-1ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-cli"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-data"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-doc-fr"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-doc-ja"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-doc-pt-br"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-full-bin"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-include"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-minimal-bin"},{"binary_version":"6.1.0+dfsg1-1ubuntu3.1","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.12.0-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.0-2build1","1.10.0-2build3","1.12.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.12.0-1","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.12.0-1","binary_name":"libmapcache1"},{"binary_version":"1.12.0-1","binary_name":"libmapcache1-dev"},{"binary_version":"1.12.0-1","binary_name":"mapcache-cgi"},{"binary_version":"1.12.0-1","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf@1:4.8.1-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1build1","1:4.8.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1:4.8.1-1","binary_name":"libnetcdf-dev"},{"binary_version":"1:4.8.1-1","binary_name":"libnetcdf19"},{"binary_version":"1:4.8.1-1","binary_name":"netcdf-bin"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.8.1-2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1","1:4.8.1-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1:4.8.1-2","binary_name":"libnetcdf-mpi-19"},{"binary_version":"1:4.8.1-2","binary_name":"libnetcdf-mpi-dev"},{"binary_version":"1:4.8.1-2","binary_name":"libnetcdf-pnetcdf-19"},{"binary_version":"1:4.8.1-2","binary_name":"libnetcdf-pnetcdf-dev"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.1.1+dfsg2-3ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.0+dfsg1-7","6.1.1+dfsg2-3ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-cli"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-data"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-doc-fr"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-doc-ja"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-doc-pt-br"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-full-bin"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-include"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-minimal-bin"},{"binary_version":"6.1.1+dfsg2-3ubuntu1","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.14.0-4build2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.0-2","1.14.0-2build1","1.14.0-2build2","1.14.0-4build1","1.14.0-4build2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.14.0-4build2","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.14.0-4build2","binary_name":"libmapcache-dev"},{"binary_version":"1.14.0-4build2","binary_name":"libmapcache1t64"},{"binary_version":"1.14.0-4build2","binary_name":"mapcache-cgi"},{"binary_version":"1.14.0-4build2","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/scilab@2024.0.0+dfsg-5build3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.1+dfsg2-9","6.1.1+dfsg2-9build1","6.1.1+dfsg2-10","2024.0.0+dfsg-5","2024.0.0+dfsg-5build2","2024.0.0+dfsg-5build3"],"ecosystem_specific":{"binaries":[{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-cli"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-data"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-doc-fr"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-doc-ja"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-doc-pt-br"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-full-bin"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-include"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-minimal-bin"},{"binary_version":"2024.0.0+dfsg-5build3","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/mapcache@1.14.1-3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-1build1","1.14.1-3"],"ecosystem_specific":{"binaries":[{"binary_version":"1.14.1-3","binary_name":"libapache2-mod-mapcache"},{"binary_version":"1.14.1-3","binary_name":"libmapcache-dev"},{"binary_version":"1.14.1-3","binary_name":"libmapcache1t64"},{"binary_version":"1.14.1-3","binary_name":"mapcache-cgi"},{"binary_version":"1.14.1-3","binary_name":"mapcache-tools"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/scilab@2024.1.0+dfsg-7ubuntu1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.1.0+dfsg-6build5","2024.1.0+dfsg-6ubuntu2","2024.1.0+dfsg-6ubuntu3","2024.1.0+dfsg-6ubuntu4","2024.1.0+dfsg-7ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-cli"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-data"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-doc-fr"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-doc-ja"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-doc-pt-br"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-full-bin"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-include"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-minimal-bin"},{"binary_version":"2024.1.0+dfsg-7ubuntu1","binary_name":"scilab-test"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20006.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}