DSA-4814-1 xerces-c -- xerces-c
ID: oval:org.secpod.oval:def:605346 | Date: (C)2020-12-18 (M)2024-06-24 |
Class: PATCH | Family: unix |
It was discovered that xerces-c, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or potentially execute arbitrary code. Please note that the patch fixing this issue comes at the expense of a newly introduced memory leak.
Product: |
libxerces-c-dev |
libxerces-c3.2 |
libxerces-c-samples |
libxerces-c-doc |