Two stack exhaustion issues based on uncontrolled recursion were found in mxml. A maliciously crafted xml file can cause the application to crash.

CVE-2016-4570: Recursion using mxmlDelete at mxml-node.c:217 (reproducer is stack-exhaustion-1.xml)

CVE-2016-4571: Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is stack-exhaustion-2.xml)

References (reproducers available):
http://seclists.org/oss-sec/2016/q2/276
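The class of fix for a recursive tree delete, as an added example (not mxml's code and not the upstream patch): the subtree is freed with constant stack usage, so nesting depth in the input no longer determines stack depth. The `node_t` layout and the names `new_node`, `build_nested` and `delete_iterative` are hypothetical, and the root is assumed to be already detached from any parent.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical minimal tree node; this is not the mxml_node_t definition. */
typedef struct node {
    struct node *parent, *child, *next;
} node_t;

/* Allocate a node and link it as the first child of parent (may be NULL). */
node_t *new_node(node_t *parent) {
    node_t *n = calloc(1, sizeof *n);
    if (!n) abort();
    n->parent = parent;
    if (parent) { n->next = parent->child; parent->child = n; }
    return n;
}

/* Constructed input: depth (>= 1) elements nested one inside the other. */
node_t *build_nested(size_t depth) {
    node_t *root = new_node(NULL), *cur = root;
    for (size_t i = 1; i < depth; i++) cur = new_node(cur);
    return root;
}

/* Free a whole subtree without recursion; returns the number of nodes freed. */
size_t delete_iterative(node_t *root) {
    size_t freed = 0;
    node_t *n = root;
    while (n) {
        if (n->child) {              /* descend, detaching the child list  */
            node_t *c = n->child;    /* so this node is a leaf on return   */
            n->child = NULL;
            n = c;
            continue;
        }
        /* Leaf: continue with the next sibling, else climb to the parent. */
        node_t *up = (n == root) ? NULL : (n->next ? n->next : n->parent);
        free(n);
        freed++;
        n = up;
    }
    return freed;
}

int main(void) {
    /* A nesting depth at which one stack frame per level is not safe. */
    printf("freed %zu nodes\n", delete_iterative(build_nested(1000000)));
    return 0;
}
```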
Created mxml tracking bugs for this issue:

Affects: fedora-all [bug 1334649]
mxml-2.9-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.