AVG-700

Package tinyxml2
Status Not affected
Severity High
Type arbitrary code execution
Affected 6.2.0-1
Fixed Not affected
Current 6.2.0-1 [community]
Ticket None
Created Wed May 16 16:56:55 2018
Issue Severity Remote Type Description
CVE-2018-11210 High Yes Arbitrary code execution
TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so.
Notes
This is not a security issue, the initial reporter made a mistake in the fuzzing code (passing a non-null terminated buffer without the size).