Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ezxml vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-20005
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (whe...
Ezxml Project Ezxml
7.5
CVSSv3
CVE-2019-20006
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.
Ezxml Project Ezxml
6.5
CVSSv3
CVE-2019-20198
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.
Ezxml Project Ezxml
1 Github repository
6.5
CVSSv3
CVE-2019-20201
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.
Ezxml Project Ezxml
6.5
CVSSv3
CVE-2019-20007
An issue exists in ezXML 0.8.2 up to and including 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check ...
Ezxml Project Ezxml
6.5
CVSSv3
CVE-2019-20199
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.
Ezxml Project Ezxml
6.5
CVSSv3
CVE-2019-20200
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.
Ezxml Project Ezxml
6.5
CVSSv3
CVE-2019-20202
An issue exists in ezXML 0.8.3 up to and including 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.
Ezxml Project Ezxml
8.1
CVSSv3
CVE-2021-26220
The ezxml_toxml function in ezxml 0.8.6 and previous versions is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Ezxml Project Ezxml
8.1
CVSSv3
CVE-2021-26221
The ezxml_new function in ezXML 0.8.6 and previous versions is vulnerable to OOB write when opening XML file after exhausting the memory pool.
Ezxml Project Ezxml
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »