जमा करें #778638: michaelrsweet mxml 4.0.4 Heap-based Buffer Overflowजानकारी

शीर्षकmichaelrsweet mxml 4.0.4 Heap-based Buffer Overflow
विवरणWhile fuzzing the latest version of mxml using SynFuzz and AddressSanitizer, I discovered a heap-buffer-overflow (specifically, an out-of-bounds read with a negative offset) in the index_sort function within mxml-index.c. The vulnerability is triggered when a specifically malformed XML structure is parsed and subsequently passed to mxmlIndexNew to build an index. During the node sorting phase, an array pointer or index appears to decrement past the starting boundary of the allocated node array, resulting in an 8-byte read before the allocated 128-byte heap region. https://github.com/michaelrsweet/mxml/issues/350
स्रोत⚠️ https://github.com/michaelrsweet/mxml/issues/350
उपयोगकर्ता
 MTHG (UID 83728)
सबमिशन12/03/2026 01:31 PM (4 महीनों पहले)
संयम27/03/2026 05:23 PM (15 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि353963 [mxml तक 4.0.4 mxmlIndexNew mxml-index.c index_sort tempr बफ़र ओवरफ़्लो]
अंक20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!