michaelrsweet
Products
4- 8 CVEs
- 5 CVEs
- 2 CVEs
- 2 CVEs
Recent CVEs
17| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13362 | Hig | 0.51 | 7.8 | 0.01 | Jul 6, 2019 | Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy. | ||
| CVE-2021-42860 | Hig | 0.49 | 7.5 | 0.01 | May 26, 2022 | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification | ||
| CVE-2021-42859 | Hig | 0.49 | 7.5 | 0.01 | May 26, 2022 | A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2… | ||
| CVE-2023-38850 | Med | 0.36 | 5.5 | 0.00 | Aug 15, 2023 | Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent. | ||
| CVE-2018-20592 | Med | 0.36 | 5.5 | 0.01 | Dec 30, 2018 | In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc. | ||
| CVE-2018-20005 | Med | 0.36 | 5.5 | 0.01 | Dec 10, 2018 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc. | ||
| CVE-2026-5037 | Low | 0.14 | 3.3 | 0.00 | Mar 29, 2026 | A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local… | ||
| CVE-2021-43579 | Hig | 0.04 | 7.8 | 0.07 | Jan 10, 2022 | A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file. | ||
| CVE-2024-46478 | Cri | 0.00 | 9.8 | 0.01 | Oct 24, 2024 | HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681. | ||
| CVE-2021-34119 | Hig | 0.00 | 7.8 | 0.00 | Jul 18, 2023 | A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file. | ||
| CVE-2023-28428 | Med | 0.00 | 6.2 | 0.00 | Mar 20, 2023 | PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A… | ||
| CVE-2023-24808 | Med | 0.00 | 5.3 | 0.01 | Feb 7, 2023 | PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found… | ||
| CVE-2022-0137 | Hig | 0.00 | 7.5 | 0.01 | Nov 14, 2022 | A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries. | ||
| CVE-2022-34035 | Hig | 0.00 | 7.5 | 0.01 | Jul 18, 2022 | HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588. | ||
| CVE-2022-34033 | Hig | 0.00 | 7.5 | 0.01 | Jul 18, 2022 | HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273. | ||
| CVE-2021-26259 | Hig | 0.00 | 7.8 | 0.01 | Mar 3, 2022 | A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | ||
| CVE-2021-40985 | Med | 0.00 | 5.5 | 0.01 | Nov 3, 2021 | A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. |
- risk 0.51cvss 7.8epss 0.01
Codedoc v3.2 has a stack-based buffer overflow in add_variable in codedoc.c, related to codedoc_strlcpy.
- risk 0.49cvss 7.5epss 0.01
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification
- risk 0.49cvss 7.5epss 0.01
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2…
- risk 0.36cvss 5.5epss 0.00
Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent.
- risk 0.36cvss 5.5epss 0.01
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
- risk 0.36cvss 5.5epss 0.01
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
- risk 0.14cvss 3.3epss 0.00
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local…
- risk 0.04cvss 7.8epss 0.07
A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.
- risk 0.00cvss 9.8epss 0.01
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
- risk 0.00cvss 7.8epss 0.00
A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.
- risk 0.00cvss 6.2epss 0.00
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A…
- risk 0.00cvss 5.3epss 0.01
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found…
- risk 0.00cvss 7.5epss 0.01
A heap buffer overflow in image_set_mask function of HTMLDOC before 1.9.15 allows an attacker to write outside the buffer boundaries.
- risk 0.00cvss 7.5epss 0.01
HTMLDoc v1.9.12 and below was discovered to contain a heap overflow via e_node htmldoc/htmldoc/html.cxx:588.
- risk 0.00cvss 7.5epss 0.01
HTMLDoc v1.9.15 was discovered to contain a heap overflow via (write_header) /htmldoc/htmldoc/html.cxx:273.
- risk 0.00cvss 7.8epss 0.01
A flaw was found in htmldoc in v1.9.12. Heap buffer overflow in render_table_row(),in ps-pdf.cxx may lead to arbitrary code execution and denial of service.
- risk 0.00cvss 5.5epss 0.01
A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp.