MidnightBSD

Advisories for tinyxml2_project

CVE-2018-11210 HIGH

TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
tinyxml2_project tinyxml2 6.2.0
CVE-2024-50614

TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.

Products Affected

Vendor Product Version
tinyxml2_project tinyxml2 *
CVE-2024-50615

TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.

Products Affected

Vendor Product Version
tinyxml2_project tinyxml2 *