CVE-2018-14404

Priority
Description
A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing
an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs with the use of the
libxml2 library may be vulnerable to a denial of service attack due to a
crash of the application.
Assigned-to
leosilva
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.8.dfsg-5.1ubuntu4.21)
Ubuntu 14.04 ESM (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.13)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.3+dfsg1-1ubuntu0.6)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.9.4+dfsg1-6.1ubuntu1.2)
Patches:
Other:https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
More Information

Updated: 2020-07-28 20:03:59 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)