The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Apache Xerces-C XML Parser library versions prior to 3.1.3 are affected.
f78b373fd91beab5983d07e6a0808ff4c3c1af8dbb9cbeb69a728c93b7f28a6d