CVE-2018-14404: NULL Pointer Dereference

July 19, 2018 (updated September 10, 2020)

A NULL pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case. Applications processing untrusted XSL format inputs with the use of the libxml2 library may be vulnerable to a denial of service attack due to a crash of the application.

References

nvd.nist.gov/vuln/detail/CVE-2018-14404

Code Behaviors & Features

Detect and mitigate CVE-2018-14404 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →