A vulnerability was found in libsolv through 0.7.2. There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv that will cause a denial of service.
Created libsolv tracking bugs for this issue:
Affects: fedora-all [bug 1665537]
Function testcase_str2dep_complex() does not check whether the string pointed by one of its argument is NULL or not.