The ezxml_toxml function in ezxml 0.8.6 and earlier versions is vulnerable to an out-of-bounds (OOB) write when opening an XML file after the memory pool has been exhausted.
ezxml project ezxml