UBUNTU-CVE-2026-27942

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

CVE-2026-27942 fast-xml-parser has stack overflow in XMLBuilder with preserveOrder

fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with preserveOrder:true. Version 5.3.8 fixes the issue. As...

CVE-2026-27942

CVE-2026-27942 affects fast-xml-parser. Before 5.3.8, XMLBuilder with preserveOrder: true can crash with a stack overflow. The issue is fixed in 5.3.8. Workarounds include building XML with preserveOrder: false or validating input data before passing to the builder. Connected sources also referen...

Mozilla: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)

An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 8 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.6, Firefox ESR 52.6, a...