VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2019 · Updated Aug 5, 2024

CVE-2019-20201

Description

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ezXML 0.8.3 through 0.8.6 can be driven into an infinite loop in ezxml_decode by crafted XML entity references; each pass through the loop allocates memory, so a single document can exhaust the host and deny service.

Vulnerability

ezXML 0.8.3 through 0.8.6 contain a denial-of-service flaw in the ezxml_parse_* functions. ezxml_decode, which expands entity references while a document is parsed, mishandles crafted references and enters a loop that never terminates on such input. Because every iteration allocates, memory consumption grows without bound until the process is stopped [1].

Exploitation

Any attacker who can get a crafted XML document in front of an ezXML parse call can trigger the bug; no authentication or special privileges are needed, only a delivery path to the parser (a file, an upload, a network message). Once parsing starts, the victim process spins in the loop and allocates memory until its own address space, or the host's memory, is exhausted [1].

Impact

Successful exploitation yields a denial of service: the affected process hangs in the loop and is eventually killed or crashes when memory runs out. Confidentiality and integrity are not affected; availability is [1].

Mitigation

As of the cited bug report, the issue remains open. A comment on the report states that it is resolved by the fix for bug 26, but no patched release is named [1]. Users should move to a build of ezXML that includes the fix for bug 26 or, failing that, stop parsing untrusted XML with affected versions. Because the failure mode is an allocating loop that never exits, running the parser in an isolated process with hard memory and CPU limits confines the damage to that process. The CVE does not appear in CISA's KEV catalog.
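One practical way to follow the "do not parse untrusted XML with affected versions" advice when the parser cannot be replaced immediately is to confine each parse to a throwaway child process with hard caps on address space and CPU time, so that a runaway entity-decoding loop kills that child instead of the service. The C below is an added example written for this page, not code from the ezXML project or the bug report. parse_sandboxed, the parse_result_t codes and the three demo_* stand-in parsers are hypothetical names; demo_runaway_parse only simulates an unbounded allocating loop and does not reproduce the ezXML bug. In a real deployment the callback would wrap ezxml_parse_str() and ezxml_free(). The sample document is constructed. Linux/POSIX only.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/resource.h>
#include <sys/wait.h>

/* Outcome of parsing untrusted XML in a resource-limited child process. */
typedef enum {
    PARSE_OK = 0,       /* child exited 0: the parser finished normally        */
    PARSE_REJECTED,     /* child exited non-zero: the parser reported an error */
    PARSE_KILLED,       /* child died on a signal: CPU/memory limit or crash   */
    PARSE_INTERNAL_ERR  /* fork() or waitpid() failed in the parent            */
} parse_result_t;

/* Parser callback: return 0 on success, non-zero on a parse error.
 * In a real deployment this wraps ezxml_parse_str() and ezxml_free(). */
typedef int (*parse_fn)(const char *xml, size_t len);

/*
 * Run fn(xml, len) in a forked child with hard caps on address space and
 * CPU time. An infinite allocation loop inside the parser then fails its
 * mallocs (RLIMIT_AS), is terminated when it burns its CPU budget
 * (RLIMIT_CPU), or is terminated by alarm() as a wall-clock backstop.
 * The parent only ever sees a status code and is never taken down with it.
 */
parse_result_t parse_sandboxed(parse_fn fn, const char *xml, size_t len,
                               size_t mem_limit_bytes, unsigned cpu_limit_s)
{
    pid_t pid = fork();
    if (pid < 0)
        return PARSE_INTERNAL_ERR;

    if (pid == 0) {                     /* child: confine, then parse */
        struct rlimit rl;
        rl.rlim_cur = rl.rlim_max = (rlim_t)mem_limit_bytes;
        setrlimit(RLIMIT_AS, &rl);      /* mmap/brk fail past this point */
        rl.rlim_cur = rl.rlim_max = (rlim_t)cpu_limit_s;
        setrlimit(RLIMIT_CPU, &rl);     /* SIGXCPU terminates a spinning parser */
        alarm(cpu_limit_s + 1);         /* SIGALRM if the child blocks instead of spinning */
        _exit(fn(xml, len) == 0 ? 0 : 1);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return PARSE_INTERNAL_ERR;
    if (WIFEXITED(status))
        return WEXITSTATUS(status) == 0 ? PARSE_OK : PARSE_REJECTED;
    return PARSE_KILLED;                /* WIFSIGNALED: limit hit or crash */
}

/* ---- Stand-in parsers for demonstration (hypothetical, not ezXML code) ---- */

/* Behaves like a correct parser on a small document: accepts it and returns. */
int demo_well_formed_parse(const char *xml, size_t len)
{
    return (len >= 2 && xml[0] == '<' && xml[len - 1] == '>') ? 0 : 1;
}

/* Behaves like a parser that detects a malformed document and reports it. */
int demo_rejecting_parse(const char *xml, size_t len)
{
    (void)xml; (void)len;
    return 1;
}

/* Simulates the CVE's failure mode: a loop that never exits and allocates
 * on every pass. It does NOT reproduce the ezXML bug itself. */
int demo_runaway_parse(const char *xml, size_t len)
{
    (void)xml; (void)len;
    for (;;) {
        char *p = malloc(1u << 20);     /* 1 MiB per iteration, never freed */
        if (p)
            memset(p, 0x41, 1u << 20);  /* touch it so it really costs memory */
    }
}

/* Constructed sample document (not taken from the bug report). */
static const char SAMPLE_XML[] = "<root><item>&amp;</item></root>";

int main(void)
{
    parse_result_t r = parse_sandboxed(demo_runaway_parse, SAMPLE_XML,
                                       sizeof(SAMPLE_XML) - 1, 256u << 20, 1);
    printf("runaway parser -> %s\n",
           r == PARSE_KILLED ? "killed by limits" : "unexpected result");
    return 0;
}
```

The child inherits the parent's mappings, so RLIMIT_AS must leave headroom above what the process already maps; derive the limit from the largest legitimate document you expect rather than a round number. A forked child also cannot hand a parsed tree back to the parent directly, so in practice the child either serialises the result over a pipe or acts as a pre-check, with the caller parsing only documents the sandboxed pass has already completed on.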

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

59

Patches

0

No patches discovered yet.

References

1