Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
7DescriptionCVE.org
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
AnalysisAI
Stack-based buffer overflow in mxml up to version 4.0.4 allows local authenticated attackers to cause a denial of service by manipulating the tempr argument in the index_sort function within mxmlIndexNew. The vulnerability has a low CVSS score of 3.3 due to local-only attack vector and denial-of-service impact, but publicly available exploit code exists and a vendor patch has been released.
Technical ContextAI
The vulnerability resides in the mxml-index.c file, specifically in the index_sort function called by mxmlIndexNew, which is responsible for creating and sorting XML element indices. The root cause is a classic stack-based buffer overflow (CWE-121: Stack-based Buffer Overflow) where insufficient bounds checking on the tempr parameter allows an attacker to write beyond allocated stack memory. This is a C library vulnerability in a widely-used XML manipulation utility, and the attack requires local file system access to provide a maliciously crafted XML input that triggers the overflow during index creation.
RemediationAI
Upgrade mxml to a version containing the vendor-released patch commit 6e27354466092a1ac65601e01ce6708710bb9fa5 or later. Users should check the official mxml GitHub repository at https://github.com/michaelrsweet/mxml for the latest stable release and apply it immediately. If upgrading is not immediately feasible, restrict local user access and authentication privileges on systems running vulnerable versions of mxml, and avoid processing untrusted XML input files with mxmlIndexNew functionality. Refer to the vendor advisory and GitHub issue at https://github.com/michaelrsweet/mxml/issues/350 for additional technical details and validation.
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allVendor StatusVendor
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | vulnerable | 3.2-1 | - |
| forky, bookworm, trixie | vulnerable | 3.3.1-1 | - |
| sid | vulnerable | 4.0.4-3 | - |
| (unstable) | fixed | (unfixed) | - |
SUSE
Severity: LowShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16983