Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ezxml
(Ezxml_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 17 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-17 | CVE-2022-30045 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. | Ezxml | 6.5 | ||
| 2021-04-11 | CVE-2021-30485 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. | Debian_linux, Ezxml | 6.5 | ||
| 2021-04-15 | CVE-2021-31229 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. | Debian_linux, Ezxml | 6.5 | ||
| 2021-04-16 | CVE-2021-31348 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). | Debian_linux, Ezxml | 6.5 | ||
| 2021-04-24 | CVE-2021-31598 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. | Debian_linux, Ezxml | 7.5 | ||
| 2021-04-16 | CVE-2021-31347 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). | Debian_linux, Ezxml | 6.5 | ||
| 2019-12-31 | CVE-2019-20201 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. | Ezxml | 6.5 | ||
| 2021-02-08 | CVE-2021-26222 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | Ezxml | 8.1 | ||
| 2021-02-08 | CVE-2021-26221 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | Ezxml | 8.1 | ||
| 2021-02-08 | CVE-2021-26220 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | Ezxml | 8.1 |