Y4Mrnie

**Name of the Vulnerable Software and Affected Versions** ezXML version 0.8.6 **Description** The issue is related to the `ezxml decode()` function in the ezXML library, which performs incorrect memory handling while parsing crafted XML files. This leads to a heap out-of-bounds read, allowing a remote attacker to cause a denial of service using a specially crafted XML file. **Recommendations** For ezXML version 0.8.6, as a temporary workaround, consider disabling the `ezxml decode()` function until a patch is available. Restrict access to the ezXML library to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.