Tinyxml Project: Security Vulnerabilities
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-12-13
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-11