PT-2019-5584 · Libxml2+5 · Libxml2+5

Published

2019-08-07

Updated

2025-12-03

CVE-2019-19956

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libxml2 versions prior to 2.9.10

Description The issue is related to a memory leak in the xmlParseBalancedChunkMemoryRecover function in the parser.c file of the libxml2 library. This memory leak is associated with newDoc->oldNs. The vulnerability can be exploited by a remote attacker to cause a denial of service.

Recommendations For versions prior to 2.9.10, update to version 2.9.10 or later to resolve the memory leak issue. As a temporary workaround, consider restricting the use of the xmlParseBalancedChunkMemoryRecover function in parser.c until a patch is available.

Fix

Missing Release of Resource after Effective Lifetime

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-772CWE-401

Related Identifiers

ALT-PU-2019-3074

ALT-PU-2019-3079

BDU:2020-04513

CESA-2020_3996

CESA-2020_4479

CVE-2019-19956

DLA-2048-1

DLA-2369-1

MGASA-2020-0020

MGASA-2020-0271

OESA-2022-1582

OPENSUSE-SU-2020:0681-1

OPENSUSE-SU-2020:0781-1

OPENSUSE-SU-2020_0681-1

OPENSUSE-SU-2020_0781-1

OPENSUSE-SU-2024:11016-1

RHSA-2020:2644

RHSA-2020:3996

RHSA-2020:4479

RHSA-2020_3996

RHSA-2020_4479

SUSE-SU-2020:1299-1

SUSE-SU-2020:1532-1

SUSE-SU-2020:1532-2

SUSE-SU-2020:2609-1

SUSE-SU-2020_1299-1

SUSE-SU-2020_1532-1

SUSE-SU-2020_1532-2

SUSE-SU-2020_2609-1

SUSE-SU-2021:14729-1

SUSE-SU-2021_14729-1

USN-4274-1

Affected Products

Alt Linux

Centos

Red Hat

Suse

Ubuntu

Libxml2

PT-2019-5584 · Libxml2+5 · Libxml2+5

CVE-2019-19956

Weakness Enumeration

Related Identifiers

Affected Products

References · 96