DSA-2717-1 xml-security-c -- heap overflow
ID: oval:org.secpod.oval:def:601065 | Date: (C)2013-06-28 (M)2023-02-20 | Class: PATCH | Family: unix
Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
Platform: Debian 7.0, Debian 6.0
Product: libxml-security-c15