Bug 2322054 (CVE-2024-50614) - CVE-2024-50614 tinyxml2: reachable assertion in GetCharacterRef()
Summary: CVE-2024-50614 tinyxml2: reachable assertion in GetCharacterRef()
Keywords:
Status: NEW
Alias: CVE-2024-50614
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2322188 2322189
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-10-27 23:01 UTC by OSIDB Bzimport
Modified: 2024-11-12 23:14 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2024-10-27 23:01:04 UTC 
TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
Comment 1 Dominik 'Rathann' Mierzejewski 2024-11-12 23:14:45 UTC 
This is https://github.com/leethomason/tinyxml2/issues/996 .
Note You need to log in before you can comment on or make changes to this bug.