CVE-2018-14404 (retired)

Priority
Description
A NULL pointer dereference vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when parsing
an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case.
Applications processing untrusted XSL format inputs with the use of the
libxml2 library may be vulnerable to a denial of service attack due to a
crash of the application.
Assigned-to
leosilva
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (2.7.8.dfsg-5.1ubuntu4.21)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.9.1+dfsg1-3ubuntu4.13)
Ubuntu 16.04 LTS (Xenial Xerus):released (2.9.3+dfsg1-1ubuntu0.6)
Ubuntu 18.04 LTS (Bionic Beaver):released (2.9.4+dfsg1-6.1ubuntu1.2)
Ubuntu 18.10 (Cosmic Cuttlefish):released (2.9.4+dfsg1-7ubuntu1)
Patches:
Other:https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
More Information

Updated: 2019-03-26 12:27:04 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)