CVE-2024-50614

Name
CVE-2024-50614
Description
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
https://github.com/leethomason/tinyxml2/issues/996

Match rules

CPE URI Source package Min version Max version
n/a == n/a == n/a
cpe:2.3:a:tinyxml2_project:tinyxml2:*:*:*:*:*:*:*:* tinyxml2 >= 0 <= 10.0.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
tinyxml2 edge-main 10.0.0-r0 André Klitzing <aklitzing@gmail.com> possibly vulnerable
tinyxml2 3.20-main 10.0.0-r0 André Klitzing <aklitzing@gmail.com> possibly vulnerable
tinyxml2 3.19-main 9.0.0-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable
tinyxml2 3.18-main 9.0.0-r2 André Klitzing <aklitzing@gmail.com> possibly vulnerable
tinyxml2 3.17-main 9.0.0-r0 André Klitzing <aklitzing@gmail.com> possibly vulnerable