PT-2024-34361 · Tinyxml2+2 · Tinyxml2+2

4N0Nym4U5

Published

2024-10-27

Updated

2026-02-13

CVE-2024-50615

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: TinyXML2 versions prior to 10.0.1

Description: The issue is related to a reachable assertion for UINT MAX/digit in tinyxml2.cpp, specifically in the XMLUtil::GetCharacterRef() function. This may lead to an application exit.

Recommendations: For versions prior to 10.0.1, update to version 10.0.1 or later to resolve the issue.

Exploit

Fix

Assertion Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-617

Related Identifiers

ALT-PU-2025-12799

AZL-51871

AZL-51884

AZL-51888

AZL-51999

AZL-52020

CVE-2024-50615

OESA-2026-1247

OESA-2026-1282

OESA-2026-1283

OESA-2026-1284

OESA-2026-1349

OESA-2026-1350

OPENSUSE-SU-2025:14866-1

Affected Products

Alt Linux

Debian

Tinyxml2

PT-2024-34361 · Tinyxml2+2 · Tinyxml2+2

CVE-2024-50615

Weakness Enumeration

Related Identifiers

Affected Products

References · 31