Mini-xml Security Vulnerabilities and Issues — Mini-xml CVE List

Lucene search

Mini-xml ProjectMini-xml

5 matches found

CVE•added 2017/02/03 3:59 p.m.•55 views

CVE-2016-4571

The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS

CVE•added 2018/12/10 6:29 a.m.•52 views

CVE-2018-20004

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml.

8.8CVSS8.6AI score0.00821EPSS

CVE•added 2017/02/03 3:59 p.m.•50 views

CVE-2016-4570

The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.

7.1CVSS5.5AI score0.00808EPSS

CVE•added 2022/05/26 12:15 p.m.•49 views

CVE-2021-42859

A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release

7.5CVSS7.3AI score0.0026EPSS

CVE•added 2022/05/26 12:15 p.m.•41 views

CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification

7.5CVSS7.6AI score0.00276EPSS