DSA-4814-1 xerces-c -- xerces-c
ID: oval:org.secpod.oval:def:69834 | Date: (C)2021-03-07 (M)2024-02-26
Class: PATCH | Family: unix
It was discovered that libxerces-c-dev, a validating XML parser library for C++, did not correctly scan DTDs. The use-after-free vulnerability resulting from this issue would allow a remote attacker to leverage a specially crafted XML file in order to crash the application or potentially execute arbitrary code. Please note that the patch fixing this issue comes at the expense of a newly introduced memory leak.