vendor:
Mini-XML
by:
LIWEI
7.8
CVSS
HIGH
Heap Overflow
122
CWE
Product Name: Mini-XML
Affected Version From: 3.2
Affected Version To: 3.2
Patch Exists: YES
Related CWE:
CPE: a:michaelrsweet:mini-xml
Platforms Tested: Ubuntu 18.04.2
2020
Mini-XML 3.2 – Heap Overflow
Mini-XML is a small XML parsing library written in C. A heap overflow vulnerability exists in Mini-XML 3.2 due to an incorrect bounds check in the mxml_string_getc() function. An attacker can exploit this vulnerability by providing a specially crafted XML file to the application, resulting in a denial of service or potentially arbitrary code execution.
Mitigation:
Upgrade to the latest version of Mini-XML, which is 3.3 or later.