Xmill Security Vulnerabilities and Issues — Xmill CVE List

Lucene search

AttXmill

9 matches found

CVE•added 2021/08/13 7:15 p.m.•87 views

CVE-2021-21829

A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.8AI score0.01827EPSS

CVE•added 2021/08/13 7:15 p.m.•86 views

CVE-2021-21830

A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.8AI score0.01827EPSS

CVE•added 2022/04/14 1:15 p.m.•69 views

CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CV...

9.8CVSS9AI score0.02994EPSS

CVE•added 2021/08/20 10:15 p.m.•53 views

CVE-2021-21826

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within DecodeTreeBlock which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An a...

9.8CVSS9.5AI score0.00174EPSS

CVE•added 2021/08/18 1:15 p.m.•51 views

CVE-2021-21825

A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.8AI score0.01728EPSS

CVE•added 2021/08/20 10:15 p.m.•49 views

CVE-2021-21828

A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file ...

9.8CVSS9.5AI score0.00174EPSS

CVE•added 2021/08/20 10:15 p.m.•45 views

CVE-2021-21827

9.8CVSS9.6AI score0.00174EPSS

CVE•added 2021/08/31 5:15 p.m.•43 views

CVE-2021-21811

A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.5AI score0.0032EPSS

CVE•added 2021/08/17 8:15 p.m.•40 views

CVE-2021-21810

A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

9.8CVSS9.5AI score0.00245EPSS