ALAS2-2020-1415 --- xerces-cID: oval:org.secpod.oval:def:1700322 | Date: (C)2020-04-28 (M)2024-02-26 |
Class: PATCH | Family: unix |
A use-after-free vulnerability was found in xerces-c in the way an XML document is processed via the SAX API. Applications that process XML documents with an external Document Type Definition may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a specially crafted XML file that would crash the application or potentially lead to arbitrary code execution