CVE-2021-21830

Name of the Vulnerable Software and Affected Versions Xmill version 0.7

Description A heap-based buffer overflow issue exists in the XML Decompression LabelDict::Load functionality. This can be triggered by a specially crafted XMI file, potentially leading to remote code execution. An attacker can exploit this by providing a malicious file.

Recommendations For Xmill version 0.7, consider disabling the LabelDict::Load functionality until a patch is available to prevent potential remote code execution. Restrict access to the XML Decompression feature to minimize the risk of exploitation. Avoid using the LabelDict::Load function with untrusted XMI files until the issue is resolved.