Summary: Out-of-bounds write when stripping XML
Date: 2017-03-09
CVE Number: CVE-2017-2640
Discovered By: Joseph Bisch
Fixed In Release: 2.12.0


An out-of-bounds write can occur when a malicious server sends invalid XML.


Only decode HTML entities that are well formed.
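
The rule above, shown as an added example (this is not the project's code or the actual patch): a C decoder that converts an entity only when it is well formed and terminated by `;`, copies anything else through unchanged, and checks the output capacity before every write. The names `parse_entity` and `decode_entities` are hypothetical, and numeric entities are limited to ASCII (1 to 127) as a simplifying assumption.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Return the length of the well-formed entity at s and set *ch, else 0. */
static size_t parse_entity(const char *s, char *ch)
{
    static const struct { const char *text; char ch; } named[] = {
        {"&amp;", '&'}, {"&lt;", '<'}, {"&gt;", '>'}, {"&quot;", '"'}, {"&apos;", '\''},
    };
    for (size_t k = 0; k < sizeof named / sizeof named[0]; k++) {
        size_t n = strlen(named[k].text);
        if (strncmp(s, named[k].text, n) == 0) {
            *ch = named[k].ch;
            return n;
        }
    }
    if (s[1] != '#')
        return 0;
    unsigned base = (s[2] == 'x' || s[2] == 'X') ? 16 : 10, v = 0;
    size_t start = (base == 16) ? 3 : 2, i = start;
    for (; isxdigit((unsigned char)s[i]); i++) {
        int c = tolower((unsigned char)s[i]);
        unsigned d = (unsigned)(c <= '9' ? c - '0' : c - 'a' + 10);
        if (d >= base || (v = v * base + d) > 127) /* assumption: ASCII only */
            return 0;
    }
    if (i == start || s[i] != ';' || v == 0) /* needs digits, ';', non-NUL */
        return 0;
    *ch = (char)v;
    return i + 1;
}

/* Returns decoded length, or -1 if out (capacity outsz) is too small. */
long decode_entities(const char *in, char *out, size_t outsz)
{
    size_t o = 0;
    if (outsz == 0)
        return -1;
    while (*in) {
        char ch = *in;
        size_t used = (ch == '&') ? parse_entity(in, &ch) : 0; /* 0: copy as-is */
        if (o + 1 >= outsz) /* always keep room for the terminator */
            return -1;
        out[o++] = ch;
        in += used ? used : 1;
    }
    out[o] = '\0';
    return (long)o;
}
```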
