Vulnerability Details CVE-2021-31348
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.1%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2021-31348
-
cpe:2.3:a:ezxml_project:ezxml:0.8.6
-
cpe:2.3:o:debian:debian_linux:9.0