| タイトル | michaelrsweet mxml 4.0.4 Heap-based Buffer Overflow |
|---|
| 説明 | While fuzzing the latest version of mxml using SynFuzz and AddressSanitizer, I discovered a heap-buffer-overflow (specifically, an out-of-bounds read with a negative offset) in the index_sort function within mxml-index.c.
The vulnerability is triggered when a specifically malformed XML structure is parsed and subsequently passed to mxmlIndexNew to build an index. During the node sorting phase, an array pointer or index appears to decrement past the starting boundary of the allocated node array, resulting in an 8-byte read before the allocated 128-byte heap region.
https://github.com/michaelrsweet/mxml/issues/350 |
|---|
| ソース | ⚠️ https://github.com/michaelrsweet/mxml/issues/350 |
|---|
| ユーザー | MTHG (UID 83728) |
|---|
| 送信 | 2026年03月12日 13:31 (17 日 ago) |
|---|
| モデレーション | 2026年03月27日 17:23 (15 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 353963 [mxml 迄 4.0.4 mxmlIndexNew mxml-index.c index_sort tempr メモリ破損] |
|---|
| ポイント | 20 |
|---|