| Summary | Out-of-bounds write when stripping xml |
|---|---|
| Date | 2017-03-09 |
| CVE Number | CVE-2017-2640 |
| Discovered By | Joseph Bisch |
| Fixed In Release | 2.12.0 |
An out-of-bounds write when invalid xml is sent by a malicious server.
Only decode HTML entities that are well formed.