CVE-2021-21829

Name of the Vulnerable Software and Affected Versions Xmill version 0.7

Description The issue is related to a heap-based buffer overflow error in the Decompression EnumerationUncompressor::UncompressItem function when handling XML files. This can be exploited by a remote attacker to execute arbitrary code. A specially crafted XMI file can trigger this issue, potentially leading to remote code execution.

Recommendations For Xmill version 0.7, consider disabling the UncompressItem function in the Decompression EnumerationUncompressor as a temporary workaround until a patch is available. Restrict access to handling XML files to minimize the risk of exploitation. Avoid using the Decompression EnumerationUncompressor functionality with untrusted or malicious XMI files until the issue is resolved.