The ezxml_new function in ezXML 0.8.6 and previous versions is vulnerable to OOB write when opening XML file after exhausting the memory pool.
ezxml project ezxml