CVE-2019-19956

HIGH

libxml2 < 2.9.10 - Memory Leak in xmlParseBalancedChunkMemoryRecover

Title source: llm
STIX 2.1

Description

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

References (12)

Core 12
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html
Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujul2020.html
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20200114-0002/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/09/msg00009.html
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf
Third Party Advisory, US Government Resource x_refsource_confirm
https://us-cert.cisa.gov/ics/advisories/icsa-21-103-08
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4274-1/

Scores

CVSS v3 7.5
EPSS 0.0567
EPSS Percentile 92.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-772 CWE-401
Status published
Products (18)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
debian/debian_linux 8.0
debian/debian_linux 9.0
fedoraproject/fedora 30
fedoraproject/fedora 32
netapp/active_iq_unified_manager
... and 8 more
Published Dec 24, 2019
Tracked Since Feb 18, 2026