Mini-xml Security Vulnerabilities
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2...
7.5CVSS
7.3AI Score
0.001EPSS
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API...
7.5CVSS
7.6AI Score
0.001EPSS
In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in...
5.5CVSS
7AI Score
0.002EPSS
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by...
5.5CVSS
6.5AI Score
0.01EPSS
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by...
5.5CVSS
6.8AI Score
0.001EPSS
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by...
8.8CVSS
8.6AI Score
0.014EPSS
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml...
5.5CVSS
5.5AI Score
0.005EPSS
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml...
5.5CVSS
5.5AI Score
0.005EPSS