Ross Geerlings discovered that the XMLTooling library didn"t correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.