ezxml_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption and バッファオーバーフロー があり、vendor surface production workloads and vendor surface software deployment の利用場面で アプリケーションクラッシュ and vendor impact memory corruption などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-30045 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read. | [email protected] | 6.5 | 0.69% | 2022-05-17 | 2024-11-21 |
| CVE-2021-31598 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow. | [email protected] | 7.5 | 0.86% | 2021-04-24 | 2024-11-21 |
| CVE-2021-31348 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure). | [email protected] | 6.5 | 0.86% | 2021-04-16 | 2024-11-21 |
| CVE-2021-31347 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap). | [email protected] | 6.5 | 1.17% | 2021-04-16 | 2024-11-21 |
| CVE-2021-31229 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one byte constant. | [email protected] | 6.5 | 1.85% | 2021-04-15 | 2024-11-21 |
| CVE-2021-30485 | An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer. | [email protected] | 6.5 | 1.46% | 2021-04-11 | 2024-11-21 |
| CVE-2021-26222 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | [email protected] | 8.1 | 0.44% | 2021-02-08 | 2024-11-21 |
| CVE-2021-26221 | The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | [email protected] | 8.1 | 0.44% | 2021-02-08 | 2024-11-21 |
| CVE-2021-26220 | The ezxml_toxml function in ezxml 0.8.6 and earlier is vulnerable to OOB write when opening XML file after exhausting the memory pool. | [email protected] | 8.1 | 0.44% | 2021-02-08 | 2024-11-21 |
| CVE-2019-20202 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault. | [email protected] | 6.5 | 0.40% | 2019-12-31 | 2024-11-21 |
| CVE-2019-20201 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur. | [email protected] | 6.5 | 0.40% | 2019-12-31 | 2024-11-21 |
| CVE-2019-20200 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing crafted a XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature. | [email protected] | 6.5 | 0.52% | 2019-12-31 | 2024-11-21 |
| CVE-2019-20199 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer. | [email protected] | 6.5 | 0.79% | 2019-12-31 | 2024-11-21 |
| CVE-2019-20198 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file. | [email protected] | 6.5 | 0.73% | 2019-12-31 | 2024-11-21 |
| CVE-2019-20007 | An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault). | [email protected] | 6.5 | 0.85% | 2019-12-26 | 2024-11-21 |
| CVE-2019-20006 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault. | [email protected] | 7.5 | 0.44% | 2019-12-26 | 2024-11-21 |
| CVE-2019-20005 | An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished). | [email protected] | 6.5 | 0.68% | 2019-12-26 | 2024-11-21 |