A vulnerability was found in libsolv through 0.7.2. There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a that will cause a denial of service.
Created libsolv tracking bugs for this issue:
Affects: fedora-all [bug 1665539]
When function testcase_str2solvid() is called on a malformed input, pool may be not correctly initialized and pool->whatprovides may be NULL, causing the program to crash when accessing an illegal address in pool_whatprovides().