xerces-c: denial of service

ID ASA-201503-19
Type archlinux
Reporter Arch Linux
Modified 2015-03-20T00:00:00


  • CVE-2015-0252 (denial of service)

The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but is a denial of service attack that in many applications may allow for an unauthenticated attacker to supply malformed input and cause a crash.