44 matches found
Heap overflow
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...
CVE-2021-21828
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious fil...
CVE-2021-21827
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...
CVE-2021-21827
CVE-2021-21827 is a heap-based buffer overflow vulnerability in AT&T Labs Xmill 0.7, triggered by DecodeTreeBlock during XMI decompression. The vulnerability arises when a UINT32 read from the input is used as the length for a buffer during various decode paths, leading to unsafe copies via memcp...
CVE-2021-21826
A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An...
CVE-2021-21826
CVE-2021-21826 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, within XML Decompression DecodeTreeBlock. A crafted XMI file triggers a UINT32-derived length for an internal buffer, enabling a attacker-controlled input to overflow. The initial description confirms the vulnerability, includ...
CVE-2021-21825
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21825
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21829
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21830
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21829
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
Heap overflow
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21829
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21830
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-21830
AT&T Labs Xmill 0.7 contains a heap-based buffer overflow in the XML Decompression LabelDict::Load path that can be triggered by a crafted XMI file, leading to remote code execution. CVE-2021-21830 is the assigned identifier for this vulnerability, with Red Hat and CVE listings reiterating the sa...
AT&T Labs Xmill XML decompression DecodeTreeBlock multiple heap-based buffer overflow vulnerabilities
Summary Multiple heap-based buffer overflow vulnerabilities exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. A specially crafted XMI File can lead to remote code execution. An attacker can provide a malicious file to trigger these vulnerabilities. Tested...
PT-2021-7820 · At&T · At&T Labs Xmill
Name of the Vulnerable Software and Affected Versions: AT&T Labs Xmill version 0.7 Description: A heap-based buffer overflow issue exists in the XML Decompression DecodeTreeBlock functionality. Within DecodeTreeBlock, which is called during the decompression of an XMI file, a UINT32 is loaded fro...
AT&T Labs Xmill XML decompression EnumerationUncompressor::UncompressItem heap-based buffer overflow vulnerability
Summary A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability...
AT&T Labs Xmill 缓冲区错误漏洞
AT&T Labs Xmill is a new tool for efficiently compressing XML data from AT&T Labs, USA. A security vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem function in AT&T Labs Xmill version 0.7. An attacker could exploit the vulnerability to remotely execute code...