{"id":"UBUNTU-CVE-2019-20007","details":"An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).","modified":"2026-05-20T16:03:52.521417382Z","published":"2019-12-26T22:15:00Z","upstream":["CVE-2019-20007"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-20007"},{"type":"REPORT","url":"https://sourceforge.net/p/ezxml/bugs/13/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2019-20007"}],"affected":[{"package":{"name":"mapcache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.4.0-3","1.4.0-4"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.4.0-4"},{"binary_name":"libmapcache1","binary_version":"1.4.0-4"},{"binary_name":"mapcache-cgi","binary_version":"1.4.0-4"},{"binary_name":"mapcache-tools","binary_version":"1.4.0-4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=esm-apps%2Fxenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-1ubuntu1","5.5.2-2ubuntu1","5.5.2-2ubuntu2","5.5.2-2ubuntu3","5.5.2-2ubuntu3+esm1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-cli","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-data","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-fr","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-ja","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-doc-pt-br","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-full-bin","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-include","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-minimal-bin","binary_version":"5.5.2-2ubuntu3+esm1"},{"binary_name":"scilab-test","binary_version":"5.5.2-2ubuntu3+esm1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.0-2","1.6.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.6.1-1"},{"binary_name":"libmapcache1","binary_version":"1.6.1-1"},{"binary_name":"mapcache-cgi","binary_version":"1.6.1-1"},{"binary_name":"mapcache-tools","binary_version":"1.6.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.2-4ubuntu2","5.5.2-6","6.0.0-1","6.0.1-1ubuntu1","6.0.1-7ubuntu1~18.04","6.0.1-7ubuntu1~18.04.1","6.0.1-7ubuntu1~18.04.2"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-cli","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-data","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-fr","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-ja","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-full-bin","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-include","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-minimal-bin","binary_version":"6.0.1-7ubuntu1~18.04.2"},{"binary_name":"scilab-test","binary_version":"6.0.1-7ubuntu1~18.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.8.0-1","1.8.0-1build2","1.10.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.10.0-1"},{"binary_name":"libmapcache1","binary_version":"1.10.0-1"},{"binary_name":"mapcache-cgi","binary_version":"1.10.0-1"},{"binary_name":"mapcache-tools","binary_version":"1.10.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1build1","1:4.7.3-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf15","binary_version":"1:4.7.3-1"},{"binary_name":"netcdf-bin","binary_version":"1:4.7.3-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.6.2-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-13","binary_version":"1:4.6.2-1"},{"binary_name":"libnetcdf-pnetcdf-13","binary_version":"1:4.6.2-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.0.2-0ubuntu2","6.0.2-0ubuntu3","6.0.2-1fakesync5","6.1.0+dfsg1-1ubuntu3","6.1.0+dfsg1-1ubuntu3.1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-cli","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-data","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-fr","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-ja","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-full-bin","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-include","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-minimal-bin","binary_version":"6.1.0+dfsg1-1ubuntu3.1"},{"binary_name":"scilab-test","binary_version":"6.1.0+dfsg1-1ubuntu3.1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.0-2build1","1.10.0-2build3","1.12.0-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.12.0-1"},{"binary_name":"libmapcache1","binary_version":"1.12.0-1"},{"binary_name":"mapcache-cgi","binary_version":"1.12.0-1"},{"binary_name":"mapcache-tools","binary_version":"1.12.0-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"netcdf","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1build1","1:4.8.1-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf19","binary_version":"1:4.8.1-1"},{"binary_name":"netcdf-bin","binary_version":"1:4.8.1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"netcdf-parallel","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/netcdf-parallel?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1:4.7.4-1","1:4.8.1-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libnetcdf-mpi-19","binary_version":"1:4.8.1-2"},{"binary_name":"libnetcdf-pnetcdf-19","binary_version":"1:4.8.1-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.0+dfsg1-7","6.1.1+dfsg2-3ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-cli","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-data","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-fr","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-ja","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-doc-pt-br","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-full-bin","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-include","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-minimal-bin","binary_version":"6.1.1+dfsg2-3ubuntu1"},{"binary_name":"scilab-test","binary_version":"6.1.1+dfsg2-3ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.0-2","1.14.0-2build1","1.14.0-2build2","1.14.0-4build1","1.14.0-4build2"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.14.0-4build2"},{"binary_name":"libmapcache1t64","binary_version":"1.14.0-4build2"},{"binary_name":"mapcache-cgi","binary_version":"1.14.0-4build2"},{"binary_name":"mapcache-tools","binary_version":"1.14.0-4build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.1+dfsg2-9","6.1.1+dfsg2-9build1","6.1.1+dfsg2-10","2024.0.0+dfsg-5","2024.0.0+dfsg-5build2","2024.0.0+dfsg-5build3"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-cli","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-data","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-fr","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-ja","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-doc-pt-br","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-full-bin","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-include","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-minimal-bin","binary_version":"2024.0.0+dfsg-5build3"},{"binary_name":"scilab-test","binary_version":"2024.0.0+dfsg-5build3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-1build1","1.14.1-3"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.14.1-3"},{"binary_name":"libmapcache1t64","binary_version":"1.14.1-3"},{"binary_name":"mapcache-cgi","binary_version":"1.14.1-3"},{"binary_name":"mapcache-tools","binary_version":"1.14.1-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.1.0+dfsg-6build5","2024.1.0+dfsg-6ubuntu2","2024.1.0+dfsg-6ubuntu3","2024.1.0+dfsg-6ubuntu4","2024.1.0+dfsg-7ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-cli","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-data","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-fr","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-ja","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-doc-pt-br","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-full-bin","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-include","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-minimal-bin","binary_version":"2024.1.0+dfsg-7ubuntu1"},{"binary_name":"scilab-test","binary_version":"2024.1.0+dfsg-7ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"mapcache","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/mapcache?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.14.1-3","1.14.1-3build1","1.14.1-3build2"],"ecosystem_specific":{"binaries":[{"binary_name":"libapache2-mod-mapcache","binary_version":"1.14.1-3build2"},{"binary_name":"libmapcache1t64","binary_version":"1.14.1-3build2"},{"binary_name":"mapcache-cgi","binary_version":"1.14.1-3build2"},{"binary_name":"mapcache-tools","binary_version":"1.14.1-3build2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}},{"package":{"name":"scilab","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/scilab?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2024.1.0+dfsg-7ubuntu1","2024.1.0+dfsg-8","2024.1.0+dfsg-8build2","2024.1.0+dfsg-8build3","2024.1.0+dfsg-8build4","2024.1.0+dfsg-8build5","2024.1.0+dfsg1-1","2024.1.0+dfsg1-1ubuntu1","2024.1.0+dfsg1-2"],"ecosystem_specific":{"binaries":[{"binary_name":"scilab","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-cli","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-data","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-doc-fr","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-doc-ja","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-doc-pt-br","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-full-bin","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-include","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-minimal-bin","binary_version":"2024.1.0+dfsg1-2"},{"binary_name":"scilab-test","binary_version":"2024.1.0+dfsg1-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-20007.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"low"}]}