PT-2026-28748 · Mxml · Mxml

Mthg · Published 2026-01-01 · Updated 2026-04-11 · CVE-2026-5037

CVSS v3.1: 3.3 (Low)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions
mxml versions up to 4.0.4

Description
mxml up to version 4.0.4 contains a stack-based buffer overflow. The issue resides in the index sort function in the mxml-index.c file, specifically within the mxmlIndexNew component. Manipulating the tempr argument can trigger the overflow. Exploitation is limited to local execution. The exploit has been publicly disclosed.

Recommendations
Apply patch 6e27354466092a1ac65601e01ce6708710bb9fa5 to remediate this issue.

Exploit · Fix · Stack Overflow · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-5037
OESA-2026-1860

Affected Products

Mxml