There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
https://usn.ubuntu.com/3916-1/
https://github.com/openSUSE/libsolv/pull/291
https://bugzilla.redhat.com/show_bug.cgi?id=1652599
https://access.redhat.com/errata/RHSA-2019:2290
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00057.html