0.003 Low
EPSS
Percentile
70.5%
TinyXML2 is vulnerable to heap-based buffer over-read. The vulnerability can be triggered when the attacker parses a malicious data to XMLDocument::Parse function.
XMLDocument::Parse
github.com/leethomason/tinyxml2/blob/master/tinyxml2.cpp#L2286
github.com/leethomason/tinyxml2/compare/strlen
github.com/leethomason/tinyxml2/issues/675
github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437
github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018