CVE-2022-26507
published 2022-04-14CVE-2022-26507: A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| att | xmill | — | — |
| schneider-electric | ecostruxure_control_expert | < 15.1 | 15.1 |
| schneider-electric | ecostruxure_control_expert | — | — |
| schneider-electric | ecostruxure_process_expert | < 2021 | 2021 |