CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42860
https://notcve.org/view.php?id=CVE-2021-42860
26 May 2022 — A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification ** EN DISPUTA ** Se presenta un desbordamiento del buffer de pila en Mini-XML v3.2. Cuando es introducida una cadena XML no formada en la API mxmlLoadString, es causado un desbordamiento del búfer de pila en mxml_string_getc:2611. NOTA: no está claro si esta ... • https://github.com/michaelrsweet/mxml/issues/286 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42859
https://notcve.org/view.php?id=CVE-2021-42859
26 May 2022 — A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release ** EN DISPUTA ** Se ha detectado un problema de pérdida de memoria en Mini-XML versión v3.2, que podría causar una denegación de servicio. NOTA: los informes de las pruebas son inconsistentes, ya que algunos probadores ven el prob... • https://github.com/michaelrsweet/mxml/issues/286 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2018-20004
https://notcve.org/view.php?id=CVE-2018-20004
10 Dec 2018 — An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4570
https://notcve.org/view.php?id=CVE-2016-4570
03 Feb 2017 — The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. La función mxmlDelete en mxml-node.c en mxml 2.9, 2.7 y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un archivo xml manipulado. • http://www.openwall.com/lists/oss-security/2016/05/09/16 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2016-4571
https://notcve.org/view.php?id=CVE-2016-4571
03 Feb 2017 — The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. La función mxml_write_node en mxml-file.c en mxml 2.9, 2.7 y posiblemente versiones anteriores permite a atacantes remotos provocar una denegación de servicio (consumo de pila) a través de un archivo xml manipulado. • http://www.openwall.com/lists/oss-security/2016/05/09/16 • CWE-400: Uncontrolled Resource Consumption •