Debian Security Advisory

DLA-1581-1 uriparser -- LTS security update

Date Reported:
20 Nov 2018
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2018-19198, CVE-2018-19199, CVE-2018-19200.
More information:

Multiple vulnerabilities have been discovered in uriparser, an Uniform Resource Identifiers (URIs) parsing library.

  • CVE-2018-19198

    UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.

  • CVE-2018-19199

    UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.

  • CVE-2018-19200

    UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.

For Debian 8 Jessie, these problems have been fixed in version

We recommend that you upgrade your uriparser packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: