CVE-2026-5037: Stack-based Buffer Overflow in mxml
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
AI Analysis
Technical Summary
This vulnerability in mxml up to version 4.0.4 involves a stack-based buffer overflow in the index_sort function of mxml-index.c, triggered by manipulation of the tempr argument. The flaw is local execution only and does not require user interaction. The issue has been publicly disclosed, and a patch exists to remediate it. The CVSS 4.0 base score is 4.8, reflecting medium severity with local attack vector and low privileges required.
Potential Impact
Successful exploitation of this vulnerability can lead to a stack-based buffer overflow, which may cause application crashes or potentially allow an attacker with local access to execute arbitrary code or disrupt service. However, the attack is limited to local execution, reducing its risk profile compared to remote vulnerabilities.
Mitigation Recommendations
A patch identified by commit 6e27354466092a1ac65601e01ce6708710bb9fa5 is available and should be applied to affected versions of mxml (4.0.0 through 4.0.4) to remediate this vulnerability. No vendor advisory was provided to indicate alternative mitigations or that no action is required. Therefore, applying the official patch is the recommended remediation.
CVE-2026-5037: Stack-based Buffer Overflow in mxml
Description
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in mxml up to version 4.0.4 involves a stack-based buffer overflow in the index_sort function of mxml-index.c, triggered by manipulation of the tempr argument. The flaw is local execution only and does not require user interaction. The issue has been publicly disclosed, and a patch exists to remediate it. The CVSS 4.0 base score is 4.8, reflecting medium severity with local attack vector and low privileges required.
Potential Impact
Successful exploitation of this vulnerability can lead to a stack-based buffer overflow, which may cause application crashes or potentially allow an attacker with local access to execute arbitrary code or disrupt service. However, the attack is limited to local execution, reducing its risk profile compared to remote vulnerabilities.
Mitigation Recommendations
A patch identified by commit 6e27354466092a1ac65601e01ce6708710bb9fa5 is available and should be applied to affected versions of mxml (4.0.0 through 4.0.4) to remediate this vulnerability. No vendor advisory was provided to indicate alternative mitigations or that no action is required. Therefore, applying the official patch is the recommended remediation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-03-27T16:23:50.496Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 69c8ea29919ccadcdffae6e8
Added to database: 3/29/2026, 9:00:25 AM
Last enriched: 4/5/2026, 10:37:40 AM
Last updated: 5/12/2026, 8:03:10 PM
Views: 71
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.