17 matches found
CVE-2019-20005
The CVE-2019-20005 issue affects ezXML 0.8.3–0.8.6: during ezxml_decode, parsing a crafted XML file triggers incorrect memory handling, causing a heap-based buffer over-read when strchr() is used after a '\0' (end of a string). Multiple advisories (SUSE/SLES15, Mageia, openSUSE, etc.) reference e...
CVE-2019-20007
CVE-2019-20007 affects ezXML 0.8.2–0.8.6. The flaw is in ezxml_str2utf8: a zero-length reallocation can leave s NULL, and ezxml_parse_str fails to guard against a NULL pointer, leading to a NULL dereference and crash. Connected advisories (SUSE, openSUSE, Mageia) enumerate the same issue among mult...
CVE-2019-20006
CVE-2019-20006 affects ezXML 0.8.3–0.8.6. The issue stems from ezxml_char_content: it stores a pointer to the internal address of a larger block in xml->txt, and that memory is later freed, leading to a segmentation fault. Connected sources reiterate this exact behavior across multiple advisories...
CVE-2019-20200
CVE-2019-20200 concerns ezXML versions 0.8.3–0.8.6, where ezxml_decode during XML parsing mishandles memory, causing a heap-based buffer over-read in the “normalize line endings” path. The issue is documented across multiple advisories (netcdf-related) and is referenced by several CVEs (e.g., CVE...
CVE-2019-20202
CVE-2019-20202 affects ezXML 0.8.3–0.8.6. The issue arises in the function ezxml_char_content(), which attempts to use realloc on a block that may not have been allocated, causing an invalid free and a segmentation fault. This is documented in multiple connected advisories (SUSE/OpenVAS/Nessus/M...
CVE-2021-30485
CVE-2021-30485 affects ezXML 0.8.6 (libezxml.a). The issue is a NULL pointer dereference in ezxml_internal_dtd() during XML parsing, caused by memory handling that can lead to a NULL pointer being passed to strcmp(). The connected documents consistently reference this exact flaw in ezXML 0.8.6, i...
CVE-2021-31348
CVE-2021-31348 affects ezXML 0.8.6 (libezxml.a); the flaw is in ezxml_parse_str() where improper memory handling during XML parsing leads to an out-of-bounds read after a strcspn failure. Connected advisories (SUSE/openSUSE) enumerate this CVE among multiple netcdf/ezXML issues and reference upda...
CVE-2019-20198
CVE-2019-20198: The vulnerability is in ezXML versions 0.8.3–0.8.6, where the function ezxml_ent_ok() mishandles recursion, leading to stack consumption on a crafted XML file. Connected advisories confirm ezXML as the affected component and list CVE-2019-20198 among the issues addressed in netcdf...
CVE-2021-31347
CVE-2021-31347 affects ezXML/libezxml.a in ezXML 0.8.6. The flaw is in ezxml_parse_str(), which performs incorrect memory handling while parsing crafted XML files, writing outside a memory region created by mmap. This can lead to memory corruption (out-of-bounds write) as described across multipl...
CVE-2019-20199
CVE-2019-20199 affects ezXML 0.8.3–0.8.6. The vulnerability is in ezxml_decode: while parsing a crafted XML file, memory handling can cause a NULL pointer to be dereferenced when strlen() is applied to a NULL pointer. Product: ezXML library (versions 0.8.3 to 0.8.6). The issue can lead to a crash...
CVE-2019-20201
CVE-2019-20201 affects ezXML 0.8.3–0.8.6. The issue arises in the ezxml_parse_* functions, where XML entities are mishandled, causing an infinite loop that triggers repeated memory allocations. Exploitation details are not provided in the connected documents. The SUSE/Mageia/OpenVAS entries refer...
CVE-2021-31229
CVE-2021-31229: Affects ezXML 0.8.6 (libezxml.a). The root cause is improper memory handling in ezxml_internal_dtd() during parsing of crafted XML, leading to an out-of-bounds write of a single byte. Public details on exploitation, affected platforms beyond ezXML 0.8.6, and concrete remediation ...
CVE-2021-31598
CVE-2021-31598 affects ezXML 0.8.6 (libezxml.a) and arises from incorrect memory handling in ezxml_decode() while parsing crafted XML files, causing a heap-based buffer overflow. The issue is consistently cited across multiple advisories (SUSE/OpenSUSE SUSE-SU-2021:3815/3804/3805, 3873-1, openSUS...
CVE-2022-30045
The CVE-2022-30045 issue affects ezXML 0.8.6 (libezxml.a) where ezxml_decode() mishandles memory while parsing crafted XML, causing a heap out-of-bounds read. The vulnerability is documented across multiple sources (NVD and various advisories). The provided materials do not specify a patch versio...
CVE-2021-26221
CVE-2021-26221 affects ezXML 0.8.6 and earlier; the ezxml_new function allows an out-of-bounds write when opening an XML file after memory pool exhaustion. Connections show this vulnerability referenced in netcdf-related advisories (SUSE/Mageia/OpenVAS/Nessus entries) with patches/updates issued f...
CVE-2021-26222
CVE-2021-26222 affects the ezXML library (ezXML 0.8.6 and earlier). The vulnerability is an out-of-bounds write in ezxml_new when opening an XML file after exhausting the memory pool. Connected documents corroborate the same issue across multiple advisories (netcdf/SUSE/OpenVAS variants) but do n...
CVE-2021-26220
The CVE-2021-26220 entry concerns the ezxml_toxml function in ezXML 0.8.6 and earlier, vulnerable to an out-of-bounds write when opening XML after memory pool exhaustion. Connected advisories (SUSE/Mageia/OpenVAS/Nessus) confirm ezXML-related issues in netcdf packages and indicate patches/updates...