cve-2017-2640-00

Summary: Out-of-bounds write when stripping xml
Date: 2017-03-09
CVE Number: CVE-2017-2640
Discovered By: Joseph Bisch
Fixed In Release: 2.12.0

Description

An out-of-bounds write can occur when a malicious server sends invalid XML.

Mitigation

Only decode HTML entities that are well formed.
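
The mitigation above, sketched as an added example; this is not the project's own code or its actual patch. The names `decode_entity` and `unescape_entities` are hypothetical, and numeric references are limited to decimal values in the ASCII range as a simplifying assumption. Malformed entities are copied through literally, and every write is checked against the output capacity.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Decode one entity at s (s[0] == '&'). Returns the bytes consumed and
 * stores the decoded character in *ch, or returns 0 if the entity is not
 * well formed (no ';', unknown name, empty or out-of-range number). */
static size_t decode_entity(const char *s, char *ch)
{
    static const struct { const char *name; char ch; } named[] = {
        {"&amp;", '&'}, {"&lt;", '<'}, {"&gt;", '>'},
        {"&quot;", '"'}, {"&apos;", '\''},
    };
    for (size_t i = 0; i < sizeof named / sizeof named[0]; i++) {
        size_t n = strlen(named[i].name);
        if (strncmp(s, named[i].name, n) == 0) { *ch = named[i].ch; return n; }
    }
    if (s[1] != '#') return 0;
    unsigned long v = 0;
    size_t i = 2;
    for (; isdigit((unsigned char)s[i]); i++) {
        v = v * 10 + (unsigned long)(s[i] - '0');
        if (v > 127) return 0;          /* assumption: ASCII only here */
    }
    if (i == 2 || s[i] != ';' || v == 0) return 0;
    *ch = (char)v;
    return i + 1;
}

/* Copy in to out, decoding only well-formed entities. Returns the length
 * written (excluding the NUL), or (size_t)-1 if out is too small. */
size_t unescape_entities(const char *in, char *out, size_t outcap)
{
    size_t o = 0;
    while (*in) {
        char ch = *in;
        size_t used = (*in == '&') ? decode_entity(in, &ch) : 0;
        if (used == 0) used = 1;        /* malformed: keep '&' literally */
        if (o + 1 >= outcap) return (size_t)-1;  /* room for ch and NUL */
        out[o++] = ch;
        in += used;
    }
    if (outcap == 0) return (size_t)-1;
    out[o] = '\0';
    return o;
}
```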
