CVEs referencing
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/

CVE-2018-20004

An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '<order type="real">' substring, as demonstrated by testmxml.
Max Base Score
8.8
Published
2018-12-10
Updated
2020-08-24
EPSS
1.92%

CVE-2018-20005

An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc.
Max Base Score
5.5
Published
2018-12-10
Updated
2019-04-03
EPSS
0.15%

CVE-2018-20592

In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc.
Max Base Score
5.5
Published
2018-12-30
Updated
2019-04-03
EPSS
0.88%

CVE-2018-20593

In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in the scan_file function in mxmldoc.c.
Max Base Score
5.5
Published
2018-12-30
Updated
2020-08-24
EPSS
0.17%
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close