Please do not apply the originally proposed patch CVE-2021-31229-OOBW-000.patch as it calls ezxml_err() with a potentially corrupt t parameter leading to another crash (that does not occur without the patch applied). To avoid this newly introduced issue the offending call to ezxml_err() was changed to not include the potentially corrupt t: --- ezxml.c 2006-06-08 04:33:38.000000000 +0200 +++ ezxml-fixed.c 2021-04-15 15:40:38.054755080 +0200 @@ -320,6 +320,7 @@ { char q, *c, *t, *n = NULL, *v, **ent,...
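Review bot: The file headers name two different paths ("--- ezxml.c" and "+++ ezxml-fixed.c"), so whoever applies this has to name the target file explicitly or rely on the patch tool guessing it. Regenerate the diff so both sides refer to ezxml.c. Because this replaces CVE-2021-31229-OOBW-000.patch, the description should also say which ezxml_err() call was changed and what it now passes instead of t, so the change can be checked against the crash reported for the first patch.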
Out-of-bounds write in ezxml_decode() leading to heap corruption
Out-of-bounds read/write in ezxml_parse_str() in ezxml.c:586/587
Out-of-bounds write in ezxml_internal_dtd()
Null pointer dereference in ezxml_internal_dtd()