彙總 mini-xml_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 記憶體損壞、緩衝區溢位與拒絕服務 相關,可能在 軟體部署與生產負載 場景中帶來 記憶體損壞與應用程式崩潰 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2021-42860 | A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification | [email protected] | 7.5 | 0.35% | 2022-05-26 | 2024-11-21 |
| CVE-2021-42859 | A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release | [email protected] | 7.5 | 0.26% | 2022-05-26 | 2024-11-21 |
| CVE-2018-20004 | An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml. | [email protected] | 8.8 | 0.71% | 2018-12-10 | 2024-11-21 |
| CVE-2016-4571 | The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | [email protected] | 5.5 | 0.33% | 2017-02-03 | 2026-05-13 |
| CVE-2016-4570 | The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file. | [email protected] | 5.5 | 0.33% | 2017-02-03 | 2026-05-13 |