An issue was discovered in ezXML 0.8.2 through 0.8.6. While parsing a crafted XML file, the function ezxml_str2utf8 in ezxml.c performs a zero-length reallocation, which returns a NULL pointer (in some compilers). The function ezxml_parse_str in ezxml.c then does not check whether the s variable is NULL, leading to a NULL pointer dereference and a crash (segmentation fault).
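
The bug class described above, shown as an added example that is not ezXML's code: a buffer trimmed with `realloc` to a length that can be zero, next to a hardened form and a caller that checks the pointer. The function names and the printable-ASCII filter are hypothetical stand-ins for the conversion step.

```c
#include <stdlib.h>

/* Hypothetical conversion step (not ezXML code): keep printable ASCII only. */
static size_t keep_printable(char *dst, const char *in, size_t n)
{
    size_t l = 0;
    for (size_t i = 0; i < n; i++)
        if (in[i] >= 0x20 && in[i] < 0x7f) dst[l++] = in[i];
    return l;
}

/* Vulnerable pattern: when nothing survives, this is realloc(buf, 0), which
 * may free buf and return NULL (implementation-defined in C17). */
char *convert_unsafe(const char *in, size_t n, size_t *len)
{
    char *buf = malloc(n + 1);
    if (!buf) return NULL;
    *len = keep_printable(buf, in, n);
    return realloc(buf, *len);
}

/* Hardened: reserve a terminator byte so the requested size is never 0,
 * and keep the untrimmed buffer if the shrink fails. */
char *convert_checked(const char *in, size_t n, size_t *len)
{
    char *buf = malloc(n + 1), *trimmed;
    if (!buf) return NULL;
    *len = keep_printable(buf, in, n);
    buf[*len] = '\0';
    trimmed = realloc(buf, *len + 1);
    return trimmed ? trimmed : buf;
}

/* Caller: test the pointer before the first dereference (-1 on failure). */
int first_byte(const char *in, size_t n)
{
    size_t len = 0;
    char *s = convert_checked(in, n, &len);
    if (!s) return -1;
    int c = (unsigned char)s[0];
    free(s);
    return c;
}

int main(void)
{
    /* Constructed input: two control bytes, so zero bytes survive. */
    return first_byte("\x01\x02", 2) == 0 ? 0 : 1;
}
```
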

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mapcache | <= 1.14.0-1 | mapcache_1.14.0-1_all.deb |
Debian | 11 | all | mapcache | <= 1.10.0-2 | mapcache_1.10.0-2_all.deb |
Debian | 10 | all | mapcache | <= 1.6.1-3 | mapcache_1.6.1-3_all.deb |
Debian | 999 | all | mapcache | <= 1.14.0-4 | mapcache_1.14.0-4_all.deb |
Debian | 13 | all | mapcache | <= 1.14.0-4 | mapcache_1.14.0-4_all.deb |
Debian | 12 | all | netcdf | < 1:4.9.0-1 | netcdf_1:4.9.0-1_all.deb |
Debian | 11 | all | netcdf | <= 1:4.7.4-1 | netcdf_1:4.7.4-1_all.deb |
Debian | 10 | all | netcdf | <= 1:4.6.2-1 | netcdf_1:4.6.2-1_all.deb |
Debian | 999 | all | netcdf | < 1:4.9.0-1 | netcdf_1:4.9.0-1_all.deb |
Debian | 13 | all | netcdf | < 1:4.9.0-1 | netcdf_1:4.9.0-1_all.deb |