The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow remote code execution, but it is a denial-of-service issue: in many applications it may allow an unauthenticated attacker to supply malformed input and cause a crash. Versions of the library prior to 3.1.2 are affected.
3dd245d7876fe454d3a8c1ec13a6484e7872039a9697ae145a93ae658dfca1a2
Apache Santuario XML Security for C++ library versions prior to 1.6.1 suffer from multiple buffer overflows when signing and verifying large keys.
7d90e9019ddd3fff89b181daaaed2d5e7ba0b2a6e22d003a938dd0aae8c79f8e