CVE-2026-5037 in mxml
要約 (英語)
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
公開
2026年03月29日
エントリ
| 公開済み | ベース | テンポ | 脆弱性 | CWE | 製品 | 悪用可 | 対策 | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026年03月27日 | 3.3 | 3.0 | mxml mxmlIndexNew mxml-index.c index_sort メモリ破損 | 121 | 不明 | 概念実証 | 公式な修正 | 0.00013 | 1.62 | CVE-2026-5037 |