oss-sec mailing list archives

CVE request libaxl <= 0.6.9


From: "J. M. Bogaard" <martijn () bogaard eu>
Date: Tue, 28 Apr 2015 09:15:29 +0200

Hi,

I would like to request a CVE for an issue I found some time ago. I’m coordinating this together with the
developers of libaxl (who will release a fix later today).

Because of a bug in the memory allocator of libaxl, the parsing of a specially crafted XML document can result in a heap
overflow.

There is at least 1 known case where an application uses libaxl to parse incoming user-supplied XML data,
unauthenticated and over the network. In the best situation this results in DoS by memory corruption, but RCE is
most likely within range for a (skilled) attacker.

I hope this is all the information you need, as this is my first CVE request ;-)

Regards,

Martijn
