Lucene search
K
Ezxml ProjectEzxml

17 matches found

CVE
CVE
added 2019/12/26 9:55 p.m.133 views

CVE-2019-20005

The CVE-2019-20005 issue affects ezXML 0.8.3–0.8.6: during ezxml_decode, parsing a crafted XML file triggers incorrect memory handling, causing a heap-based buffer over-read when strchr() is used after a '\0' (end of a string). Multiple advisories (SUSE/SLES15, Mageia, openSUSE, etc.) reference e...

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2019/12/26 9:55 p.m.123 views

CVE-2019-20007

CVE-2019-20007 affects ezXML 0.8.2–0.8.6. The flaw is in ezxml_str2utf8: zero-length reallocation can cause a NULL s, and ezxml_parse_str fails to guard against a NULL pointer, leading to a NULL dereference and crash. Connected advisories (SUSE openSUSE Mageia) enumerate the same issue among mult...

6.5CVSS6.7AI score0.01277EPSS
CVE
CVE
added 2019/12/26 9:55 p.m.122 views

CVE-2019-20006

CVE-2019-20006 affects ezXML 0.8.3–0.8.6. The issue stems from ezxml_char_content: it stores a pointer to the internal address of a larger block in xml->txt, and that memory is later freed, leading to a segmentation fault. Connected sources reiter this exact behavior across multiple advisories...

7.5CVSS7.4AI score0.01605EPSS
CVE
CVE
added 2019/12/31 8:30 p.m.114 views

CVE-2019-20200

CVE-2019-20200 concerns ezXML versions 0.8.3–0.8.6, where ezxml_decode during XML parsing mishandles memory, causing a heap-based buffer over-read in the “normalize line endings” path. The issue is documented across multiple advisories (netcdf-related) and is referenced by several CVEs (e.g., CVE...

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2019/12/31 8:30 p.m.114 views

CVE-2019-20202

CVE-2019-20202 affects ezXML 0.8.3–0.8.6. The issue arises in the function ezxml_char_content() , which attempts to use realloc on a block that may not have been allocated, causing an invalid free and a segmentation fault. This is documented in multiple connected advisories (SUSE/OpenVAS/Nessus/M...

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2021/04/11 3:6 p.m.114 views

CVE-2021-30485

CVE-2021-30485 affects ezXML 0.8.6 (libezxml.a). The issue is a NULL pointer dereference in ezxml_internal_dtd() during XML parsing, caused by memory handling that can lead to a NULL pointer being passed to strcmp(). The connected documents consistently reference this exact flaw in ezXML 0.8.6, i...

6.5CVSS6.7AI score0.01212EPSS
CVE
CVE
added 2021/04/16 5:41 p.m.112 views

CVE-2021-31348

CVE-2021-31348 affects ezXML 0.8.6 (libezxml.a); the flaw is in ezxml_parse_str() where improper memory handling during XML parsing leads to an out-of-bounds read after a strcspn failure. Connected advisories (SUSE/openSUSE) enumerate this CVE among multiple netcdf/ezXML issues and reference upda...

6.5CVSS6.7AI score0.01095EPSS
CVE
CVE
added 2019/12/31 8:31 p.m.111 views

CVE-2019-20198

CVE-2019-20198 : The vulnerability is in ezXML versions 0.8.3–0.8.6 where the function ezxml_ent_ok() mishandles recursion, leading to stack consumption on a crafted XML file. Connected advisories confirm ezXML as the affected component and list CVE-2019-20198 among the issues addressed in netcdf...

6.5CVSS6.7AI score0.01169EPSS
CVE
CVE
added 2021/04/16 5:32 p.m.108 views

CVE-2021-31347

CVE-2021-31347 affects ezXML/libezxml.a in ezXML 0.8.6. The flaw is in ezxml_parse_str(), which performs incorrect memory handling while parsing crafted XML files, writing outside a memory region created by mmap. This can lead to memory corruption (out-of-bounds write) as described across multipl...

6.5CVSS6.8AI score0.01193EPSS
CVE
CVE
added 2019/12/31 8:30 p.m.94 views

CVE-2019-20199

CVE-2019-20199 affects ezXML 0.8.3–0.8.6. The vulnerability is in ezxml_decode: while parsing a crafted XML file, memory handling can cause a NULL pointer to be dereferenced when strlen() is applied to a NULL pointer. Product: ezXML library (versions 0.8.3 to 0.8.6). The issue can lead to a crash...

6.5CVSS6.7AI score0.01169EPSS
CVE
CVE
added 2019/12/31 8:30 p.m.93 views

CVE-2019-20201

CVE-2019-20201 affects ezXML 0.8.3–0.8.6. The issue arises in the ezxml_parse_* functions, where XML entities are mishandled, causing an infinite loop that triggers repeated memory allocations. Exploitation details are not provided in the connected documents. The SUSE/Mageia/OpenVAS entries refer...

6.5CVSS6.8AI score0.01169EPSS
CVE
CVE
added 2021/04/15 2:28 p.m.90 views

CVE-2021-31229

CVE-2021-31229 : Affects ezXML 0.8.6 (libezxml.a). The root cause is improper memory handling in ezxml_internal_dtd() during parsing of crafted XML, leading to an out-of-bounds write of a single byte. Public details on exploitation, affected platforms beyond ezXML 0.8.6, and concrete remediation ...

6.5CVSS6.8AI score0.01035EPSS
CVE
CVE
added 2021/04/24 4:32 p.m.87 views

CVE-2021-31598

CVE-2021-31598 affects ezXML 0.8.6 (libezxml.a) and arises from incorrect memory handling in ezxml_decode() while parsing crafted XML files, causing a heap-based buffer overflow. The issue is consistently cited across multiple advisories (SUSE/OpenSUSE SUSE-SU-2021:3815/3804/3805, 3873-1, openSUS...

7.5CVSS7.5AI score0.01402EPSS
CVE
CVE
added 2022/05/17 7:24 p.m.81 views

CVE-2022-30045

The CVE-2022-30045 issue affects ezXML 0.8.6 (libezxml.a) where ezxml_decode() mishandles memory while parsing crafted XML, causing a heap out-of-bounds read. The vulnerability is documented across multiple sources (NVD and various advisories). The provided materials do not specify a patch versio...

6.5CVSS6.4AI score0.00917EPSS
CVE
CVE
added 2021/02/08 8:13 p.m.79 views

CVE-2021-26221

CVE-2021-26221 affects ezXML 0.8.6 and earlier; the ezxml_new function allows a out-of-bounds write when opening an XML file after memory pool exhaustion. Connections show this vulnerability referenced in netcdf-related advisories (SUSE/Mageia/OpenVAS/Nessus entries) with patches/updates issued f...

8.1CVSS7.8AI score0.01178EPSS
CVE
CVE
added 2021/02/08 8:13 p.m.74 views

CVE-2021-26222

CVE-2021-26222 affects the ezXML library (ezXML 0.8.6 and earlier). The vulnerability is an out-of-bounds write in ezxml_new when opening an XML file after exhausting the memory pool. Connected documents corroborate the same issue across multiple advisories (netcdf/SUSE/OpenVAS variants) but do n...

8.1CVSS7.8AI score0.01178EPSS
CVE
CVE
added 2021/02/08 8:13 p.m.67 views

CVE-2021-26220

The CVE-2021-26220 entry concerns the ezxml_toxml function in ezXML 0.8.6 and earlier, vulnerable to an out-of-bounds write when opening XML after memory pool exhaustion. Connected advisories (SUSE/Mageia/OpenVAS/Nessus) confirm ezXML-related issues in netcdf packages and indicate patches/updates...

8.1CVSS7.8AI score0.01178EPSS