Cve Reporting

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.6 and earlier **Description** The issue is related to the `ezxml toxml` function in ezXML, which is vulnerable to an out-of-bounds (OOB) write when opening an XML file after exhausting the memory pool. This can allow a remote attacker to compromise data integrity and cause a denial of service. **Recommendations** For ezXML versions 0.8.6 and earlier, consider disabling the `ezxml toxml` function until a patch is available to prevent potential exploitation. Restrict access to XML files to minimize the risk of OOB write attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.6 and earlier **Description** The issue is related to the ezxml new function in the ezXML library, which is vulnerable to an out-of-bounds (OOB) write when opening an XML file after exhausting the memory pool. This can allow a remote attacker to compromise data integrity and cause a denial of service. **Recommendations** For ezXML versions 0.8.6 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.3 through 0.8.6 **Description** The issue is related to the `ezxml ent ok()` function, which mishandles recursion. This can lead to stack consumption when processing a crafted XML file, potentially allowing a remote attacker to cause a denial of service. **Recommendations** For ezXML versions 0.8.3 through 0.8.6, consider disabling the `ezxml ent ok()` function as a temporary workaround until a patch is available. Restrict access to crafted XML files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.3 through 0.8.6 **Description** The issue is related to the `ezxml char content()` function, which attempts to use `realloc` on a block that was not allocated, resulting in an invalid free and segmentation fault. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ezXML versions 0.8.3 through 0.8.6, consider disabling the `ezxml char content()` function as a temporary workaround until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.3 through 0.8.6 **Description** The issue is related to the `ezxml decode` function in the ezXML library, which performs incorrect memory handling while parsing crafted XML files. This leads to a heap-based buffer over-read in the "normalize line endings" feature. The vulnerability can be exploited by a remote attacker using a specially crafted XML file, potentially causing a denial of service. **Recommendations** For ezXML versions 0.8.3 through 0.8.6, consider disabling the `ezxml decode` function or restricting its use until a patch is available. As a temporary workaround, avoid using the "normalize line endings" feature in the `ezxml decode` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.3 through 0.8.6 **Description** The issue is related to the `ezxml parse *` functions in the ezXML library, which mishandle XML entities. This leads to an infinite loop with memory allocations, resulting in a denial of service. The vulnerability can be exploited by a remote attacker. **Recommendations** For ezXML versions 0.8.3 through 0.8.6, consider disabling the `ezxml parse *` functions as a temporary workaround until a patch is available. Restrict access to the ezXML library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.2 through 0.8.6 **Description** The issue is related to errors in handling pointers in the `ezxml str2utf8` and `ezxml parse str` functions within the `ezxml.c` component of the ezXML library for parsing XML documents. This can lead to a NULL pointer dereference and crash when parsing a crafted XML file, potentially allowing a remote attacker to cause a denial of service. **Recommendations** For ezXML versions 0.8.2 through 0.8.6, consider disabling the `ezxml str2utf8` and `ezxml parse str` functions in `ezxml.c` until a patch is available to prevent potential crashes from crafted XML files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ezXML versions 0.8.3 through 0.8.6 **Description** The issue is related to the function `ezxml char content` in the ezXML library for parsing XML documents. It involves a use-after-free error, where a pointer to the internal address of a larger block is stored as `xml->txt` and later deallocated using `free`, leading to a segmentation fault. This can be exploited by a remote attacker to cause a denial of service. **Recommendations** For ezXML versions 0.8.3 through 0.8.6, consider disabling the `ezxml char content` function until a patch is available to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.