CVE-2018-11210

TinyXML2 6.2.0 is affected by a heap-based buffer over-read in XMLDocument::Parse (libtinyxml2.so). The CVE-2018-11210 entry notes this is due to improper use of the library and not a vulnerability in tinyxml2. NVD data lists a high/severe impact (CVSS v3: 9.8, NETWORK/NO AUTH required; all impac...

CVE-2018-11210

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2...

tinyxml2: Use-of-uninitialized-value in tinyxml2::StrPair::SetStr

Project: https://github.com/leethomason/tinyxml2.git Detailed report: https://oss-fuzz.com/testcase?key=5185500560228352 Project: tinyxml2 Fuzzer: libFuzzertinyxml2xmltest Fuzz target binary: xmltest Job Type: libfuzzermsantinyxml2 Platform Id: linux Crash Type: Use-of-uninitialized-value Crash...

PT-2018-10401 · Tinyxml2 +2 · Tinyxml2 +2

Name of the Vulnerable Software and Affected Versions: TinyXML2 version 6.2.0 Description: The issue is related to a heap-based buffer over-read in the XMLDocument::Parse function. However, the developers of TinyXML2 have determined that the reported issue is due to improper use of the library an...