CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26507

A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Exploit prediction scoring system (EPSS) score

EPSS Score 0.03

EPSS Ranking 86.0%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2022-26507

Att » Xmill » Version: 0.7

cpe:2.3:a:att:xmill:0.7
Schneider-Electric » Ecostruxure Control Expert » Version: N/A

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:-
Schneider-Electric » Ecostruxure Control Expert » Version: 14.0

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.0
Schneider-Electric » Ecostruxure Control Expert » Version: 14.1

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:14.1
Schneider-Electric » Ecostruxure Control Expert » Version: 15.0

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0
Schneider-Electric » Ecostruxure Control Expert » Version: 15.1

cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.1
Schneider-Electric » Ecostruxure Process Expert » Version: N/A

cpe:2.3:a:schneider-electric:ecostruxure_process_expert:-
Schneider-Electric » Ecostruxure Process Expert » Version: 2020

cpe:2.3:a:schneider-electric:ecostruxure_process_expert:2020
Schneider-Electric » Remoteconnect » Version: N/A

cpe:2.3:a:schneider-electric:remoteconnect:-
Schneider-Electric » Scadapack 470 » Version: N/A

cpe:2.3:h:schneider-electric:scadapack_470:-
Schneider-Electric » Scadapack 474 » Version: N/A

cpe:2.3:h:schneider-electric:scadapack_474:-
Schneider-Electric » Scadapack 570 » Version: N/A

cpe:2.3:h:schneider-electric:scadapack_570:-
Schneider-Electric » Scadapack 574 » Version: N/A

cpe:2.3:h:schneider-electric:scadapack_574:-
Schneider-Electric » Scadapack 575 » Version: N/A

cpe:2.3:h:schneider-electric:scadapack_575:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26507

Products

Pricing

Contact Us