VYPR

mxml

by michaelrsweet

Source repositories

CVEs (5)

  • CVE-2021-42860HigMay 26, 2022
    risk 0.49cvss 7.5epss 0.01

    A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification

  • CVE-2021-42859HigMay 26, 2022
    risk 0.49cvss 7.5epss 0.01

    A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2…

  • CVE-2018-20592MedDec 30, 2018
    risk 0.36cvss 5.5epss 0.01

    In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.

  • CVE-2018-20005MedDec 10, 2018
    risk 0.36cvss 5.5epss 0.01

    An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.

  • CVE-2026-5037LowMar 29, 2026
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local…