Gentoo Linux Security Advisory 201612-46 - Multiple vulnerabilities have been found in Xerces-C++, the worst of which may allow remote attackers to execute arbitrary code. Versions prior to 3.1.4-r1 are affected.
b6ff93ec4cb97c2958a73a0c5f5ec08c5d0a34778de7c0399fc50ae3ea0dd5fe
Red Hat Security Advisory 2016-0430-01 - Xerces-C is a validating XML parser written in a portable subset of C++. It was discovered that the Xerces-C XML parser did not properly process certain XML input. By providing specially crafted XML data to an application using Xerces-C for XML processing, a remote attacker could exploit this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the application.
7190bbe0c03ec41ec385fa2a651d60b22115e280dbbfe558cbaffdaaadb0e5c3
Debian Linux Security Advisory 3493-1 - Gustavo Grieco discovered that xerces-c, a validating XML parser library for C++, mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. These flaws could lead to a denial of service in applications using the xerces-c library or, potentially, to the execution of arbitrary code.
65b274c933d90cefe3382f57ce846303ac98c8a5232db435954e456e7b506eac
The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial-of-service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.
f78b373fd91beab5983d07e6a0808ff4c3c1af8dbb9cbeb69a728c93b7f28a6d