本页列出影响 mini-xml_project mini-xml 的已公开 CVE 漏洞(通过 NVD CPE 关联)。每行包含严重程度评分、摘要与发布日期,便于识别与分析安全问题。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2021-42860 | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification | [email protected] | 7.5 | 0.35% | 2022-05-26 | 2024-11-21 |
| CVE-2021-42859 | A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release | [email protected] | 7.5 | 0.26% | 2022-05-26 | 2024-11-21 |
| CVE-2018-20004 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | [email protected] | 8.8 | 0.71% | 2018-12-10 | 2024-11-21 |
| CVE-2016-4571 | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | [email protected] | 5.5 | 0.33% | 2017-02-03 | 2026-05-13 |
| CVE-2016-4570 | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | [email protected] | 5.5 | 0.33% | 2017-02-03 | 2026-05-13 |