A flaw was found in the _fields_add function in fields.c in libbibcore.a in bibutils through 6.2. A NULL pointer dereference allows remote attackers to cause a denial of service (application crash), as demonstrated by end2xml.
Created bibutils tracking bugs for this issue:
Affects: epel-all [bug 1577261]
Affects: fedora-all [bug 1577259]
Created ghc-hs-bibutils tracking bugs for this issue:
Affects: epel-all [bug 1577262]
Affects: fedora-all [bug 1577260]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):