VDB

GCVE-110-MAGEIA-2017-103

GCVE-110-MAGEIA-2017-103
Advisory Published
Vulnetix · Advisory published April 4, 2017
Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash. * Recursion using mxmlDelete at mxml-node.c:217 (reproducer is stack-exhaustion-1.xml CVE-2016-4570). * Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is stack-exhaustion-2.xml CVE-2016-4571).

Affected Products

VendorProductVersionsPlatforms
Mageialibdnf0 (affected), 0.11.1-1.mga6 (unaffected)
Mageiadnf-plugins-extras2.0.3-1.mga6 (unaffected), 0 (affected)
Mageialibsolv0 (affected), 0.6.30-1.mga6 (unaffected)
Mageiamxml0 (affected), 2.7-6.1.mga5 (unaffected), 0 (affected), 2.7-6.1.mga5 (unaffected)
Mageiadnf-plugins-core0 (affected), 2.1.5-1.mga6 (unaffected)
Mageiadnf2.7.5-1.mga6 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›