A heap-based buffer overflow vulnerability exists in the XML Decompression DecodeTreeBlock functionality of AT&T Labs Xmill 0.7. Within `DecodeTreeBlock` which is called during the decompression of an XMI file, a UINT32 is loaded from the file and used as trusted input as the length of a buffer. An attacker can provide a malicious file to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1291 | Exploit Third Party Advisory |
Configurations
Information
Published : 2021-08-20 15:15
Updated : 2022-05-31 15:08
NVD link : CVE-2021-21827
Mitre link : CVE-2021-21827
JSON object : View
CWE
CWE-787
Out-of-bounds Write
Products Affected
att
- xmill