13 matches found
CVE-2021-21813
AT&T Labs Xmill 0.7 contains a stack-based buffer overflow in the command-line handle argument path. In HandleFileArg, the filepattern supplied by the user is copied into a fixed-size buffer (400 bytes) via unsafe copy operations (memcpy/strcpy/strlen), without proper length checks. This can over...
CVE-2021-21814
CVE-2021-21814 affects AT&T Labs’ Xmill 0.7, describing a vulnerability in the command-line parsing function HandleFileArg where the user-controlled filepattern is copied/stored without proper length checks. The literature shows multiple instances of buffer overflows (stack-based, via strcpy/memc...
CVE-2021-21812
CVE-2021-21812 describes a stack-based buffer overflow in AT&T Labs’ Xmill 0.7, specifically in the command-line parsing HandleFileArg function. The vulnerability stems from copying user-controlled filepattern data into a fixed-size buffer with strcpy, allowing a path provided on the command line...
CVE-2021-21815
CVE-2021-21815 : A stack-based buffer overflow exists in AT&T Labs’ Xmill 0.7, in the command-line parsing HandleFileArg. The user-controlled filepattern is copied into a fixed-size buffer without length checks (via strcpy), causing stack overflow. A crafted command-line input can trigger code ex...
CVE-2021-21829
CVE-2021-21829 is a heap-based buffer overflow affecting AT&T Labs’ Xmill 0.7, in the XML Decompression EnumerationUncompressor::UncompressItem functionality. A specially crafted XMI file can lead to remote code execution. The vulnerability is documented across multiple sources (e.g., NVD and Red...
CVE-2021-21830
AT&T Labs Xmill 0.7 contains a heap-based buffer overflow in the XML Decompression LabelDict::Load path that can be triggered by a crafted XMI file, leading to remote code execution. CVE-2021-21830 is the assigned identifier for this vulnerability, with Red Hat and CVE listings reiterating the sa...
CVE-2022-26507
CVE-2022-26507 describes a heap-based/out-of-bounds read vulnerability in AT&T Labs Xmill 0.7 DecodeTreeBlock during XML decompression, leading to remote code execution. The 3.2.13 entry confirms CVE-2022-26507 as the vulnerability ID for an out-of-bounds read in XML Decompression DecodeTreeBlock...
CVE-2021-21826
CVE-2021-21826 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, within XML Decompression DecodeTreeBlock. A crafted XMI file triggers a UINT32-derived length for an internal buffer, enabling a attacker-controlled input to overflow. The initial description confirms the vulnerability, includ...
CVE-2021-21825
CVE-2021-21825 is a heap-based buffer overflow in AT&T Labs Xmill 0.7 (XML Decompression PlainTextUncompressor::UncompressItem). A crafted XMI file can trigger remote code execution. Affected products include Xmill 0.7; mitigation notes indicate updating to Schneider Electric EcoStruxure/Process ...
CVE-2021-21811
CVE-2021-21811 is described across multiple connected documents as a memory corruption vulnerability in AT&T Labs’ Xmill 0.7, specifically in the XML-parsing CreateLabelOrAttrib functionality. The issue is a heap-based buffer overflow that can be triggered by a specially crafted XML file, potenti...
CVE-2021-21828
CVE-2021-21828 is a heap-based buffer overflow in AT&T Labs Xmill 0.7, specifically in the XML Decompression DecodeTreeBlock functionality. In the default DecodeTreeBlock path, a label is created via CurPath::AddLabel to track the label for later reference, and a crafted input file can trigger th...
CVE-2021-21827
CVE-2021-21827 is a heap-based buffer overflow vulnerability in AT&T Labs Xmill 0.7, triggered by DecodeTreeBlock during XMI decompression. The vulnerability arises when a UINT32 read from the input is used as the length for a buffer during various decode paths, leading to unsafe copies via memcp...
CVE-2021-21810
CVE-2021-21810 affects AT&T Labs’ Xmill 0.7; a memory corruption heap-based buffer overflow exists in the XML-parsing ParseAttribs functionality when processing malicious XML, potentially enabling remote code execution. Public references (e.g., Red Hat and CISA-ICS materials) describe this class ...