ezXML Project ezXML 0.8.4

CPE Details

ezXML Project ezXML 0.8.4
ezxml_project
ezxml
0.8.4
2020-01-03
18h06 +00:00
2020-01-03
18h06 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ezxml_project:ezxml:0.8.4:*:*:*:*:*:*:*

Informations

Vendor

ezxml_project

Product

ezxml

Version

0.8.4

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-26220 2021-02-08 19h13 +00:00 The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
8.1
High
CVE-2021-26221 2021-02-08 19h13 +00:00 The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
8.1
High
CVE-2021-26222 2021-02-08 19h13 +00:00 The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool.
8.1
High
CVE-2019-20198 2019-12-31 19h31 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
6.5
Medium
CVE-2019-20199 2019-12-31 19h30 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
6.5
Medium
CVE-2019-20200 2019-12-31 19h30 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
6.5
Medium
CVE-2019-20201 2019-12-31 19h30 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
6.5
Medium
CVE-2019-20202 2019-12-31 19h30 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
6.5
Medium
CVE-2019-20005 2019-12-26 20h55 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).
6.5
Medium
CVE-2019-20006 2019-12-26 20h55 +00:00 An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
7.5
High
CVE-2019-20007 2019-12-26 20h55 +00:00 An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).
6.5
Medium