{"id":"UBUNTU-CVE-2019-20199","details":"An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.","modified":"2026-01-20T17:10:29.555443Z","published":"2019-12-31T21:15:00Z","upstream":["CVE-2019-20199"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20199"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-20199"}],"affected":[{"package":{"name":"mapcache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.4.0-4?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.4.0-3","1.4.0-4"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.4.0-4"},{"binary_name":"libmapcache1","binary_version":"1.4.0-4"},{"binary_name":"libmapcache1-dev","binary_version":"1.4.0-4"},{"binary_name":"mapcache-cgi","binary_version":"1.4.0-4"},{"binary_name":"mapcache-tools","binary_version":"1.4.0-4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/scilab@5.5.2-2ubuntu3+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-1ubuntu1","5.5.2-2ubuntu1","5.5.2-2ubuntu2","5.5.2-2ubuntu3","5.5.2-2ubuntu3+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-cli","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-data","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-fr","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-ja","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-pt-br","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-full-bin","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-include","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-minimal-bin","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-test","binary_version":"5.5.2-2ubuntu3+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.6.1-1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.0-2","1.6.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.6.1-1"},{"binary_name":"libmapcache1","binary_version":"1.6.1-1"},{"binary_name":"libmapcache1-dev","binary_version":"1.6.1-1"},{"binary_name":"mapcache-cgi","binary_version":"1.6.1-1"},{"binary_name":"mapcache-tools","binary_version":"1.6.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.0.1-7ubuntu1~18.04.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-4ubuntu2","5.5.2-6","6.0.0-1","6.0.1-1ubuntu1","6.0.1-7ubuntu1~18.04","6.0.1-7ubuntu1~18.04.1","6.0.1-7ubuntu1~18.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-cli","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-data","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-fr","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-ja","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-full-bin","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-include","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-minimal-bin","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-test","binary_version":"6.0.1-7ubuntu1~18.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.10.0-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0-1","1.8.0-1build2","1.10.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.10.0-1"},{"binary_name":"libmapcache1","binary_version":"1.10.0-1"},{"binary_name":"libmapcache1-dev","binary_version":"1.10.0-1"},{"binary_name":"mapcache-cgi","binary_version":"1.10.0-1"},{"binary_name":"mapcache-tools","binary_version":"1.10.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf@1:4.7.3-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1build1","1:4.7.3-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-dev","binary_version":"1:4.7.3-1"},{"binary_name":"libnetcdf15","binary_version":"1:4.7.3-1"},{"binary_name":"netcdf-bin","binary_version":"1:4.7.3-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.6.2-1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-13","binary_version":"1:4.6.2-1"},{"binary_name":"libnetcdf-mpi-dev","binary_version":"1:4.6.2-1"},{"binary_name":"libnetcdf-pnetcdf-13","binary_version":"1:4.6.2-1"},{"binary_name":"libnetcdf-pnetcdf-dev","binary_version":"1:4.6.2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.1.0+dfsg1-1ubuntu3.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.2-0ubuntu2","6.0.2-0ubuntu3","6.0.2-1fakesync5","6.1.0+dfsg1-1ubuntu3","6.1.0+dfsg1-1ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-cli","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-data","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-fr","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-ja","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-full-bin","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-include","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-minimal-bin","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-test","binary_version":"6.1.0+dfsg1-1ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.12.0-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.0-2build1","1.10.0-2build3","1.12.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.12.0-1"},{"binary_name":"libmapcache1","binary_version":"1.12.0-1"},{"binary_name":"libmapcache1-dev","binary_version":"1.12.0-1"},{"binary_name":"mapcache-cgi","binary_version":"1.12.0-1"},{"binary_name":"mapcache-tools","binary_version":"1.12.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf@1:4.8.1-1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1build1","1:4.8.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-dev","binary_version":"1:4.8.1-1"},{"binary_name":"libnetcdf19","binary_version":"1:4.8.1-1"},{"binary_name":"netcdf-bin","binary_version":"1:4.8.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.8.1-2?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1","1:4.8.1-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-19","binary_version":"1:4.8.1-2"},{"binary_name":"libnetcdf-mpi-dev","binary_version":"1:4.8.1-2"},{"binary_name":"libnetcdf-pnetcdf-19","binary_version":"1:4.8.1-2"},{"binary_name":"libnetcdf-pnetcdf-dev","binary_version":"1:4.8.1-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/scilab@6.1.1+dfsg2-3ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.0+dfsg1-7","6.1.1+dfsg2-3ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-cli","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-data","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-fr","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-ja","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-full-bin","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-include","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-minimal-bin","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-test","binary_version":"6.1.1+dfsg2-3ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/mapcache@1.14.0-4build2?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.0-2","1.14.0-2build1","1.14.0-2build2","1.14.0-4build1","1.14.0-4build2"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.14.0-4build2"},{"binary_name":"libmapcache-dev","binary_version":"1.14.0-4build2"},{"binary_name":"libmapcache1t64","binary_version":"1.14.0-4build2"},{"binary_name":"mapcache-cgi","binary_version":"1.14.0-4build2"},{"binary_name":"mapcache-tools","binary_version":"1.14.0-4build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.9.0-1ubuntu4?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.9.0-1ubuntu1","1:4.9.0-1ubuntu3","1:4.9.0-1ubuntu4"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-19","binary_version":"1:4.9.0-1ubuntu4"},{"binary_name":"libnetcdf-mpi-dev","binary_version":"1:4.9.0-1ubuntu4"},{"binary_name":"libnetcdf-pnetcdf-19","binary_version":"1:4.9.0-1ubuntu4"},{"binary_name":"libnetcdf-pnetcdf-dev","binary_version":"1:4.9.0-1ubuntu4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/scilab@2024.0.0+dfsg-5build3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.1+dfsg2-9","6.1.1+dfsg2-9build1","6.1.1+dfsg2-10","2024.0.0+dfsg-5","2024.0.0+dfsg-5build2","2024.0.0+dfsg-5build3"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-cli","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-data","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-fr","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-ja","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-pt-br","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-full-bin","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-include","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-minimal-bin","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-test","binary_version":"2024.0.0+dfsg-5build3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/mapcache@1.14.1-3?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-1build1","1.14.1-3"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.14.1-3"},{"binary_name":"libmapcache-dev","binary_version":"1.14.1-3"},{"binary_name":"libmapcache1t64","binary_version":"1.14.1-3"},{"binary_name":"mapcache-cgi","binary_version":"1.14.1-3"},{"binary_name":"mapcache-tools","binary_version":"1.14.1-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/netcdf-parallel@1:4.9.3-2build1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.9.0-6build1","1:4.9.3-2","1:4.9.3-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-22","binary_version":"1:4.9.3-2build1"},{"binary_name":"libnetcdf-mpi-dev","binary_version":"1:4.9.3-2build1"},{"binary_name":"libnetcdf-pnetcdf-22","binary_version":"1:4.9.3-2build1"},{"binary_name":"libnetcdf-pnetcdf-dev","binary_version":"1:4.9.3-2build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/scilab@2024.1.0+dfsg-7ubuntu1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.1.0+dfsg-6build5","2024.1.0+dfsg-6ubuntu2","2024.1.0+dfsg-6ubuntu3","2024.1.0+dfsg-6ubuntu4","2024.1.0+dfsg-7ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-cli","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-data","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-fr","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-ja","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-pt-br","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-full-bin","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-include","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-minimal-bin","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-test","binary_version":"2024.1.0+dfsg-7ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20199.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}