ezxml_project CVE Vulnerabilities & Metrics

Focus on ezxml_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About ezxml_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with ezxml_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total ezxml_project CVEs: 17
Earliest CVE date: 26 Dec 2019, 22:15 UTC
Latest CVE date: 17 May 2022, 20:15 UTC

Latest CVE reference: CVE-2022-30045

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical ezxml_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.65

Max CVSS: 5.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 0
4.0-6.9 17
7.0-8.9 0
9.0-10.0 0

CVSS Distribution Chart

Top 5 Highest CVSS ezxml_project CVEs

These are the five CVEs with the highest CVSS scores for ezxml_project, sorted by severity first, then by recency.

All CVEs for ezxml_project

CVE-2022-30045 ezxml_project vulnerability CVSS: 4.3 17 May 2022, 20:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.

CVE-2021-31598 ezxml_project vulnerability CVSS: 5.0 24 Apr 2021, 17:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap-based buffer overflow.

CVE-2021-31348 ezxml_project vulnerability CVSS: 4.3 16 Apr 2021, 18:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (out-of-bounds read after a certain strcspn failure).

CVE-2021-31347 ezxml_project vulnerability CVSS: 4.3 16 Apr 2021, 18:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap).

CVE-2021-31229 ezxml_project vulnerability CVSS: 4.3 15 Apr 2021, 15:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd() performs incorrect memory handling while parsing crafted XML files, which leads to an out-of-bounds write of a one-byte constant.

CVE-2021-30485 ezxml_project vulnerability CVSS: 4.3 11 Apr 2021, 16:15 UTC

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.

CVE-2021-26222 ezxml_project vulnerability CVSS: 5.8 08 Feb 2021, 21:15 UTC

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.

CVE-2021-26221 ezxml_project vulnerability CVSS: 5.8 08 Feb 2021, 21:15 UTC

The ezxml_new function in ezXML 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.

CVE-2021-26220 ezxml_project vulnerability CVSS: 5.8 08 Feb 2021, 21:15 UTC

The ezxml_toxml function in ezXML 0.8.6 and earlier is vulnerable to an OOB write when opening an XML file after exhausting the memory pool.

CVE-2019-20202 ezxml_project vulnerability CVSS: 4.3 31 Dec 2019, 21:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content() tries to use realloc on a block that was not allocated, leading to an invalid free and segmentation fault.

CVE-2019-20201 ezxml_project vulnerability CVSS: 4.3 31 Dec 2019, 21:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxml_parse_* functions mishandle XML entities, leading to an infinite loop in which memory allocations occur.

CVE-2019-20200 ezxml_project vulnerability CVSS: 4.3 31 Dec 2019, 21:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read in the "normalize line endings" feature.

CVE-2019-20199 ezxml_project vulnerability CVSS: 4.3 31 Dec 2019, 21:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to NULL pointer dereference while running strlen() on a NULL pointer.

CVE-2019-20198 ezxml_project vulnerability CVSS: 4.3 31 Dec 2019, 21:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_ent_ok() mishandles recursion, leading to stack consumption for a crafted XML file.

CVE-2019-20007 ezxml_project vulnerability CVSS: 4.3 26 Dec 2019, 22:15 UTC

An issue was discovered in ezXML 0.8.2 through 0.8.6. The function ezxml_str2utf8, while parsing a crafted XML file, performs zero-length reallocation in ezxml.c, leading to returning a NULL pointer (in some compilers). After this, the function ezxml_parse_str does not check whether the s variable is not NULL in ezxml.c, leading to a NULL pointer dereference and crash (segmentation fault).

CVE-2019-20006 ezxml_project vulnerability CVSS: 5.0 26 Dec 2019, 22:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_char_content puts a pointer to the internal address of a larger block as xml->txt. This is later deallocated (using free), leading to a segmentation fault.

CVE-2019-20005 ezxml_project vulnerability CVSS: 4.3 26 Dec 2019, 22:15 UTC

An issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxml_decode, while parsing a crafted XML file, performs incorrect memory handling, leading to a heap-based buffer over-read while running strchr() starting with a pointer after a '\0' character (where the processing of a string was finished).