TinyXML < 2.6.2 - Reachable Assertion via Crafted XML Declaration
StringEqual in TiXmlDeclaration::Parse in tinyxmlparser.cpp in TinyXML through 2.6.2 has a reachable assertion (and application exit) via a crafted XML document with a '\0' located after whitespace.
TinyXML < 2.6.2 - Denial of Service via Infinite Loop in TiXmlParsingData::Stamp
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.