Headline
Ubuntu Security Notice USN-6542-1
Ubuntu Security Notice 6542-1 - Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6542-1
December 07, 2023

tinyxml vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

TinyXML could be made to crash if it opened a specially crafted
file.

Software Description:
- tinyxml: A simple, small, minimal, C++ XML parser

Details:

Wang Zhong discovered that TinyXML incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libtinyxml-dev 2.6.2-4+deb10u1build0.20.04.1
  libtinyxml2.6.2v5 2.6.2-4+deb10u1build0.20.04.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  libtinyxml-dev 2.6.2-4ubuntu0.18.04.1~esm1
  libtinyxml2.6.2v5 2.6.2-4ubuntu0.18.04.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  libtinyxml-dev 2.6.2-3ubuntu0.1~esm1
  libtinyxml2.6.2v5 2.6.2-3ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6542-1
  CVE-2021-42260

Package Information:
  https://launchpad.net/ubuntu/+source/tinyxml/2.6.2-4+deb10u1build0.20.04.1
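
To check a host against the fixed versions in the update instructions, the following added example (not part of the Ubuntu notice) compares an installed version string with the per-release fixed version using Debian's version ordering, in which `~` sorts before everything, so an `~esm1` build orders just below the same version without the suffix. The `FIXED` table is copied from the notice; the function names are illustrative, and on a real system `dpkg --compare-versions` remains the authoritative comparison.

```python
import re

# Fixed versions copied from USN-6542-1 (same for libtinyxml-dev and libtinyxml2.6.2v5).
FIXED = {
    "20.04": "2.6.2-4+deb10u1build0.20.04.1",
    "18.04": "2.6.2-4ubuntu0.18.04.1~esm1",
    "16.04": "2.6.2-3ubuntu0.1~esm1",
}

def _order(ch):
    """dpkg sort weight: '~' lowest, then end/digit, then letters, then other symbols."""
    if ch == "~":
        return -1
    if ch == "" or ch.isdigit():
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare one upstream-version or revision string; returns <0, 0 or >0."""
    while a or b:
        # Non-digit prefixes: character by character with the modified ordering.
        while (a and not a[0].isdigit()) or (b and not b[0].isdigit()):
            wa, wb = _order(a[:1]), _order(b[:1])
            if wa != wb:
                return wa - wb
            a, b = a[1:], b[1:]
        # Digit prefixes: compared numerically (an empty run counts as 0).
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    """Split '[epoch:]upstream[-revision]' into its three components."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def compare(v1, v2):
    """Debian version comparison: negative if v1 < v2, zero if equal, positive if v1 > v2."""
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_patched(release, installed):
    """True when the installed version is at or above the notice's fixed version."""
    return compare(installed, FIXED[release]) >= 0
```

The installed version to pass in can be read with `dpkg-query -W -f='${Version}' libtinyxml2.6.2v5`.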
Related news
CVE-2021-42260: TinyXML / Bugs / #141 TIXML_UTF_LEAD_0 can cause TinyXML DoS
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.