PT-2021-7822 · Xmill · Xmill

Carl Hurd · Published 2021-08-10 · Updated 2024-08-03 · CVE-2021-21812

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Xmill version 0.7

Description

A stack-based buffer overflow issue exists in the command-line-parsing HandleFileArg functionality. The filepattern argument, which is under user control, is passed to strcpy without length checks, leading to a stack-buffer overflow. This can be triggered by providing malicious input. The vulnerability is related to an error in memory boundary handling when processing XML files, which could allow an attacker to execute arbitrary code.

Recommendations

For Xmill version 0.7, as a temporary workaround, consider disabling the HandleFileArg function until a patch is available. Restrict access to the command-line-parsing functionality to minimize the risk of exploitation. Avoid using user-provided input for the filepattern argument in the affected functionality until the issue is resolved.
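The flaw class in the description (a command-line argument copied into a fixed stack buffer with strcpy) is shown below next to a length-checked copy that rejects oversized input. This is an added example, not Xmill source code and not part of the advisory; the function names, the PATTERN_MAX size and the sample arguments are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define PATTERN_MAX 256   /* assumed buffer size; not taken from Xmill */

/* Unsafe pattern named in the description: no length check before the copy.
 * Kept for contrast only and never called in this example. */
void copy_pattern_unsafe(char *dst, const char *filepattern)
{
    strcpy(dst, filepattern);   /* writes past dst when the input is too long */
}

/* Hardened form: measure at most dstsize bytes, reject instead of truncating.
 * Returns 0 on success, -1 if the argument is missing or does not fit. */
int copy_pattern_checked(char *dst, size_t dstsize, const char *filepattern)
{
    size_t len;

    if (dst == NULL || dstsize == 0 || filepattern == NULL)
        return -1;
    for (len = 0; len < dstsize && filepattern[len] != '\0'; len++)
        ;                       /* bounded scan, never reads past dstsize */
    if (len >= dstsize) {       /* no room left for the terminating NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, filepattern, len + 1);
    return 0;
}

int main(void)
{
    char pattern[PATTERN_MAX];
    char oversized[PATTERN_MAX + 64];   /* constructed over-long argument */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    if (copy_pattern_checked(pattern, sizeof pattern, "docs/*.xml") == 0)
        printf("accepted: %s\n", pattern);
    if (copy_pattern_checked(pattern, sizeof pattern, oversized) != 0)
        printf("rejected: argument of %zu bytes exceeds %d\n",
               strlen(oversized), PATTERN_MAX - 1);
    return 0;
}
```

Rejecting the argument rather than silently truncating it avoids operating on a file pattern the user did not supply.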

Exploit

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-03276
CVE-2021-21812

Affected Products

Xmill