CVE-2021-26220
Description
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ezxml 0.8.6 and earlier has an out-of-bounds write in ezxml_toxml due to incorrect malloc error handling, leading to memory corruption or crash.
Vulnerability
The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to an out-of-bounds (OOB) write when opening an XML file after exhausting the memory pool. The vulnerability exists because the return value of malloc on line 750 of ezxml.c is not checked for NULL; if memory allocation fails, a write to a near-NULL address can occur [1]. The issue is triggered during XML file parsing, which allocates internal buffers of size EZXML_BUFSIZE (1024 bytes).
Exploitation
An attacker can exploit this vulnerability by providing a crafted XML file that causes memory exhaustion during parsing. This can be done locally (e.g., by opening a malicious file) or remotely if the application accepts XML files from external sources [1]. The attacker does not require authentication if the application opens files from untrusted sources. The memory exhaustion leads to malloc returning NULL, and the subsequent string copy operation overwrites memory near address zero.
Impact
Successful exploitation can result in a segmentation fault (crash) or, in environments with limited memory protection (e.g., embedded systems), a near-NULL pointer overwrite. This could corrupt critical data structures or device configuration stored in low memory areas, potentially leading to arbitrary behavior or denial of service [1].
Mitigation
As of the publication date (2021-02-08), no official patch has been released for this vulnerability. Users of ezxml 0.8.6 and earlier should avoid processing untrusted XML files or apply memory allocation error handling similar to the recommendations in ERR33-C [1]. The issue is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
59- ezXML/ezXMLdescription
- osv-coords57 versionspkg:rpm/opensuse/netcdf_4_6_1-gnu-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_6_1-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_6_1-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_6_1-gnu-openmpi1-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_6_1-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_3-gnu-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netcdf_4_7_3-gnu-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_3-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netcdf_4_7_3-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_3-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netcdf_4_7_3-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_3-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netcdf_4_7_3-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_3-gnu-openmpi3-hpc&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/netcdf_4_7_3-gnu-openmpi3-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-mpich-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-mvapich2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-openmpi2-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-openmpi3-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf_4_7_4-gnu-openmpi4-hpc&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf-openmpi2&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf-openmpi3&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf-openmpi4&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/netcdf-openmpi&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/netcdf_4_6_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/netcdf_4_6_1-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/netcdf_4_6_1-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/netcdf_4_7_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2pkg:rpm/suse/netcdf_4_7_3-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2pkg:rpm/suse/netcdf_4_7_3-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2pkg:rpm/suse/netcdf_4_7_3-gnu-openmpi2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2pkg:rpm/suse/netcdf_4_7_3-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP2pkg:rpm/suse/netcdf_4_7_4-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-mpich-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-mvapich2-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-openmpi3-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-openmpi4-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP3pkg:rpm/suse/netcdf_4_7_4-gnu-openmpi4-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3
< 4.6.1-10.7.2+ 56 more
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.7.3-lp152.2.6.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-lp152.2.6.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-lp152.2.6.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-lp152.2.6.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-lp152.2.6.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-10.7.2
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.6.1-5.7.1
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.3-3.7.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
- (no CPE)range: < 4.7.4-4.3.2
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- sourceforge.net/p/ezxml/bugs/23/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.