oss-sec mailing list archives

CVE requested: two stack exhaustation parsing xml files using mxml

From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sat, 7 May 2016 23:40:38 +0200

Hi,

We found two stack exhustation conditions that can easily crash mxml
when parsing an xml. Both issues are affecting versions 2.7 and 2.9
(and probably others):

* Recursion using mxmlDelete at mxml-node.c:217 (stack-exhaustion-1.xml)
* Recursion using mxml_write_node at mxml-file.c:2739 (stack-exhaustion-2.xml)

Found using QuickFuzz + Radamsa. Reproducers are attached.

Regards,
Gustavo.

Attachment: reproducers.tar.gz
Description:

Current thread:

CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 07)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 08)
- Re: CVE requested: two stack exhaustation parsing xml files using mxml cve-assign (May 09)
  - Re: CVE requested: two stack exhaustation parsing xml files using mxml Gustavo Grieco (May 11)