MGASA-2017-0103

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2017-0103.html
Import Source
https://advisories.mageia.org/MGASA-2017-0103.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2017-0103
Related
Published
2017-04-04T06:44:05Z
Modified
2017-04-04T06:31:41Z
Summary
Updated mxml packages fix security vulnerability
Details

Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash.

  • Recursion using mxmlDelete at mxml-node.c:217 (reproducer is stack-exhaustion-1.xml CVE-2016-4570).

  • Recursion using mxmlwritenode at mxml-file.c:2739 (reproducer is stack-exhaustion-2.xml CVE-2016-4571).

References
Credits

Affected packages

Mageia:5 / mxml

Package

Name
mxml
Purl
pkg:rpm/mageia/mxml?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.7-6.1.mga5

Ecosystem specific 

{
    "section": "core"
}