DSA-3199-1 xerces-c -- xerces-c
ID: oval:org.secpod.oval:def:602008 | Date: (C)2015-03-26 (M)2023-02-13 |
Class: PATCH | Family: unix |
Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and Ben Laurie of Google discovered a denial of service vulnerability in xerces-c, a validating XML parser library for C++. The parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. An unauthenticated attacker could use this flaw to cause an application using the xerces-c library to crash.