The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of libxml2: memory leak via xmlParseBalancedChunkMemoryRecover

Synthesis of the vulnerability

An attacker can create a memory leak via xmlParseBalancedChunkMemoryRecover() of libxml2, in order to trigger a denial of service.
Severity of this weakness: 1/4.
Creation date: 30/12/2019.
Références of this bulletin: CVE-2019-19956, DLA-2048-1, VIGILANCE-VUL-31236.

Description of the vulnerability

An attacker can create a memory leak via xmlParseBalancedChunkMemoryRecover() of libxml2, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Request your free trial)

This cybersecurity weakness impacts software or systems such as Debian, libxml.

Our Vigil@nce team determined that the severity of this security vulnerability is low.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this vulnerability bulletin.

Solutions for this threat

libxml2: version 2.9.10.
The version 2.9.10 is fixed:
  ftp://xmlsoft.org/libxml2/

libxml2: patch for xmlParseBalancedChunkMemoryRecover.
A patch is indicated in information sources.

Debian 8: new libxml2 packages.
New packages are available:
  Debian 8: libxml2 2.9.1+dfsg1-5+deb8u8
Full Vigil@nce bulletin... (Request your free trial)

Computer vulnerabilities tracking service

Vigil@nce provides computer vulnerability alerts. The technology watch team tracks security threats targeting the computer system.