CVE-2019-19956

Advisory lineage Upstream: 0 Downstream: 19
Modified
Published: 24 Dec 2019, 15:12
Last modified:03 Dec 2025, 18:29

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.21% LOW
0% probability +0.06%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

24 Dec 2019, 15:12
Published
Vulnerability first disclosed
03 Dec 2025, 18:29
Last Modified
Vulnerability information updated

Description

xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.

CVSS Metrics

  • v3.1HIGHScore: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • v2.0MEDIUMScore: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.21% Percentile: 43%

Techniques & Countermeasures

  • CWE-401Missing Release of Memory after Effective Lifetime

    The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

  • CWE-772Missing Release of Resource after Effective Lifetime

    The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Affected Systems

  • canonicalubuntu_linux

    12.04 | 14.04 | 16.04 | 18.04 | 19.10

  • debiandebian_linux

    8.0 | 9.0

  • fedoraprojectfedora

    30 | 32

  • netappactive_iq_unified_manager

    na

  • netappclustered_data_ontap

    na

  • netappclustered_data_ontap_antivirus_connector

    na

  • netappmanageability_software_development_kit

    na

  • netappontap_select_deploy_administration_utility

    na

  • netappsteelstore_cloud_integrated_storage

    na

  • oraclereal_user_experience_insight

    13.3.1.0

  • siemenssinema_remote_connect_server

    < 3.0

  • xmlsoftlibxml2

    < 2.9.10

References (12)