VDB
GCVE-110-MAGEIA-2017-103
GCVE-110-MAGEIA-2017-103
Advisory Published
Two stack exhaustion issues based on uncontrolled recursion were found in
mxml. A maliciously crafted xml file can cause the application to crash.
* Recursion using mxmlDelete at mxml-node.c:217 (reproducer is
stack-exhaustion-1.xml CVE-2016-4570).
* Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is
stack-exhaustion-2.xml CVE-2016-4571).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | libdnf | 0 (affected), 0.11.1-1.mga6 (unaffected) | — |
| Mageia | dnf-plugins-extras | 2.0.3-1.mga6 (unaffected), 0 (affected) | — |
| Mageia | libsolv | 0 (affected), 0.6.30-1.mga6 (unaffected) | — |
| Mageia | mxml | 0 (affected), 2.7-6.1.mga5 (unaffected), 0 (affected), 2.7-6.1.mga5 (unaffected) | — |
| Mageia | dnf-plugins-core | 0 (affected), 2.1.5-1.mga6 (unaffected) | — |
| Mageia | dnf | 2.7.5-1.mga6 (unaffected), 0 (affected) | — |
Aliases
References
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.