Recent changes to 16: Denial of Service vulnerability (infinite loop) while parsing malicious XML fileshttps://sourceforge.net/p/ezxml/bugs/16/Recent changes to 16: Denial of Service vulnerability (infinite loop) while parsing malicious XML filesenMon, 25 Oct 2021 09:16:13 -0000#16 Denial of Service vulnerability (infinite loop) while parsing malicious XML fileshttps://sourceforge.net/p/ezxml/bugs/16/?limit=25#6f3f<div class="markdown_content"><p>For me, this issue is resolved by the fix for <a class="" href="https://sourceforge.net/p/ezxml/bugs/26/">bug 26</a>.<br/> Check my <a class="" href="https://sourceforge.net/p/ezxml/bugs/26/#7b82">comment</a> there.</p></div>Egbert EichMon, 25 Oct 2021 09:16:13 -0000https://sourceforge.net26ed8421ee9902dbed1b591c281c80c54b7c2233Denial of Service vulnerability (infinite loop) while parsing malicious XML fileshttps://sourceforge.net/p/ezxml/bugs/16/<div class="markdown_content"><p>A maliciously crafted XML file triggers an infinite loop while parsing this file using one of ezxml_parse functions.<br/> The loop is located inside the ezxml_decode function and incorrect handling of XML entities leads to inflate processed strings.<br/> In the loop consecutive memory allocations are performed rapidly increasing memory usage until reaching memory limits or crashing the execution environment.</p></div>CVE ReportingSun, 29 Dec 2019 16:15:22 -0000https://sourceforge.net6e59bb6ef5f1efbbcfeb5a6a48ad240f3af58cc7