| Package | tinyxml |
|---|---|
| Version | 2.6.2-2+deb8u2 (jessie), 2.6.2-4+deb9u2 (stretch) |
| Related CVEs | CVE-2023-34194 |
TinyXML, a small and simple XML parser library, was vulnerable. A specially crafted XML document with a NUL character (\0) located after a whitespace character, could trigger a crash.
For Debian 8 jessie, these problems have been fixed in version 2.6.2-2+deb8u2.
For Debian 9 stretch, these problems have been fixed in version 2.6.2-4+deb9u2.
We recommend that you upgrade your tinyxml packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.