CRITICAL9.8
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2
CVSS 2.0HIGH 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xCRITICAL 9.8
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HReferences
- https://github.com/leethomason/tinyxml2/issues/675
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018
- https://github.com/leethomason/tinyxml2/issues/675
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437
- https://github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018