RSS   Vulnerabilities for 'Ezxml'   RSS

2022-05-17
 
CVE-2022-30045

CWE-125
 

 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

 
2021-04-16
 
CVE-2021-31348

CWE-91
 

 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

 
 
CVE-2021-31347

CWE-91
 

 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).

 
2021-04-15
 
CVE-2021-31229

CWE-787
 

 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant.

 
2021-04-11
 
CVE-2021-30485

CWE-476
 

 
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.

 
2021-02-08
 
CVE-2021-26222

CWE-787
 

 
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

 
 
CVE-2021-26221

CWE-787
 

 
The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

 
 
CVE-2021-26220

CWE-787
 

 
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.

 
2019-12-31
 
CVE-2019-20202

CWE-763
 

 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.

 
 
CVE-2019-20201

CWE-91
 

 
An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.

 


Copyright 2024, cxsecurity.com

 

Back to Top