CVSS: 9.8EPSS: 3%CPEs: 10EXPL: 0CVE-2022-26507
https://notcve.org/view.php?id=CVE-2022-26507
14 Apr 2022 — A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer Se presenta un desbordamiento de búfer en la región heap de la memoria en XML Decompre... • https://Claroty.com • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21811
https://notcve.org/view.php?id=CVE-2021-21811
31 Aug 2021 — A memory corruption vulnerability exists in the XML-parsing CreateLabelOrAttrib functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de memoria en la funcionalidad XML-parsing CreateLabelOrAttrib de Xmill versión 0.7 de AT&T Labs. Un archivo XML especialmente diseñado puede conllevar a un desbordamiento del búfer de la pila. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1279 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21828
https://notcve.org/view.php?id=CVE-2021-21828
20 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. In the default case of DecodeTreeBlock a label is created via CurPath::AddLabel in order to track the label for later reference. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression DecodeTreeBlock de AT&T Labs Xmill versión 0.7. En... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21827
https://notcve.org/view.php?id=CVE-2021-21827
20 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression DecodeTreeBlock... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21826
https://notcve.org/view.php?id=CVE-2021-21826
20 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression DecodeTreeBlock... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-21825
https://notcve.org/view.php?id=CVE-2021-21825
18 Aug 2021 — A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región heap de la memoria en la funcionalidad XML Decompression PlainTextUncompressor::UncompressItem de Xmill versión 0.7 de AT&T Labs. Un archivo XMI espe... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1290 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21810
https://notcve.org/view.php?id=CVE-2021-21810
17 Aug 2021 — A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de corrupción de la memoria en la funcionalidad ParseAttribs de análisis XML de Xmill versión 0.7 de AT&T Labs. Un archivo XML especialmente diseñado puede conllevar a un desbordamiento de búfer de la pila. • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1278 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21815
https://notcve.org/view.php?id=CVE-2021-21815
13 Aug 2021 — A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability. Se presen... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21813
https://notcve.org/view.php?id=CVE-2021-21813
13 Aug 2021 — Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. Dentro de la función HandleFileArg el argumento filepattern está bajo el control del usuario que lo pasa desde la línea de comandos. filepattern es pasado directamente a memcpy copiando la ruta proporcionada por ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-21814
https://notcve.org/view.php?id=CVE-2021-21814
13 Aug 2021 — Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strlen to determine the ending location of the char* passed in by the user, no checks are done to see if the passed in char* is longer than the staticly sized buffer data is memcpy‘d into, but after the memcpy a null byte is written to what is assumed to be the end of the buffer to terminate the char*, but without length checks, this null write occ... • https://talosintelligence.com/vulnerability_reports/TALOS-2021-1280 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •