CVE-2026-5037 in mxml
摘要 (英语)
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
披露
2026-03-29
条目
| 已发布 | 基础 | 临时 | 漏洞 | CWE | 产品 | 可利用 | 对策 | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026-03-27 | 3.3 | 3.0 | mxml mxmlIndexNew mxml-index.c index_sort 内存损坏 | 121 | 未知 | 概念验证 | 官方修复 | 0.00000 | 1.60 | CVE-2026-5037 |