VYPR

TinyXML2

by TinyXML2

CVEs (4)

  • CVE-2023-34194HigDec 13, 2023
    risk 0.49cvss 7.5epss 0.01

    StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.

  • CVE-2021-42260HigOct 11, 2021
    risk 0.49cvss 7.5epss 0.03

    TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.

  • CVE-2024-50615MedOct 27, 2024
    risk 0.42cvss 6.5epss 0.00

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.

  • CVE-2024-50614MedOct 27, 2024
    risk 0.42cvss 6.5epss 0.00

    TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.