FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

xerces-c3 -- Parser Crashes on Malformed Input

Affected packages
xerces-c3 < 3.1.3

Details

VuXML ID a7f2e9c6-de20-11e5-8458-6cc21735f730
Discovery 2016-02-25
Entry 2016-02-28

The Apache Software Foundation reports:

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution.

References

CVE Name CVE-2016-0729
URL http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt