Aggregates CVE and security vulnerability intelligence across all tinyxml2_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include vendor risk buffer overflow, with potential vendor impact application crash and vendor impact memory corruption across vendor surface software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-50615 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. | [email protected] | 6.5 | 0.22% | 2024-10-27 | 2025-09-04 |
| CVE-2024-50614 | TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef. | [email protected] | 6.5 | 0.22% | 2024-10-27 | 2025-09-04 |
| CVE-2018-11210 | TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2 | [email protected] | 9.8 | 0.45% | 2018-05-16 | 2024-11-21 |