
15 matches found

Tenable Nessus
added 2016/07/27 12:00 a.m. | 29 views

FreeBSD : xercesi-c3 -- multiple vulnerabilities (cb09a7aa-5344-11e6-a7bd-14dae9d210b8)

Apache reports: The Xerces-C XML parser fails to successfully parse a DTD that is deeply nested, and this causes a stack overflow, which makes a denial of service attack against many applications possible by an unauthenticated attacker. Also, CVE-2016-2099: Use-after-free vulnerability in...

CVSS 10 | AI score 6.9 | EPSS 0.38346
Exploits 0 | References 5

ArchLinux
added 2016/06/25 12:00 a.m. | 46 views

xerces-c: arbitrary code execution

The DTDScanner fails to account for the fact that peeking characters in the XMLReader class can raise an exception if an invalid character is encountered, and the exception crosses stack frames in an unsafe way that causes a higher level exception handler to access an already-freed object...

CVSS 10 | AI score 3.8 | EPSS 0.02173
Exploits 0 | References 4

OSV
added 2016/05/20 11:38 a.m. | 6 views

MGASA-2016-0189 Updated xerces-c packages fix security vulnerability

Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner (CVE-2016-2099)...

CVSS 10 | AI score 9.5 | EPSS 0.02173
Exploits 0 | References 3

Mageia
added 2016/05/20 11:38 a.m. | 38 views

Updated xerces-c packages fix security vulnerability

Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner (CVE-2016-2099)...

CVSS 10 | AI score 2.3 | EPSS 0.02173
Exploits 0 | References 2

Tenable Nessus
added 2016/05/17 12:00 a.m. | 24 views

Debian DSA-3579-1 : xerces-c - security update

Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner...

CVSS 10 | AI score 8.3 | EPSS 0.02173
Exploits 0 | References 4

OpenVAS
added 2016/05/15 12:00 a.m. | 23 views

Debian: Security Advisory (DSA-3579-1)

The remote host is missing an update for the Debian...

CVSS 10 | AI score 9.6 | EPSS 0.02173
Exploits 0 | References 3

Prion
added 2016/05/13 2:59 p.m. | 15 views

Design/Logic Flaw

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document...

CVSS 10 | AI score 7.1 | EPSS 0.02173
Exploits 0 | References 9 | Affected Software 2

OSV
added 2016/05/13 2:59 p.m. | 0 views

UBUNTU-CVE-2016-2099

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document...

CVSS 9.8 | AI score 7.3 | EPSS 0.02173
Exploits 0 | References 4

CVE
added 2016/05/13 2:00 p.m. | 109 views

CVE-2016-2099

The CVE-2016-2099 entry affects Apache Xerces-C++ up to version 3.1.3, with a use-after-free in validators/DTD/DTDScanner.cpp that can be triggered by an invalid character in an XML document. The issue enables context-dependent attackers to cause unspecified impact. Public advisories and vendor u...

CVSS 10 | AI score 9.4 | EPSS 0.02173
Exploits 0 | References 9 | Affected Software 1

CNVD
added 2016/05/10 12:00 a.m. | 1 views

Xerces DTDScanner Memory Misreference Vulnerability

Xerces is an open source XML document parsing project of the Apache Software Foundation (United States) and an open source XML syntax parser, currently available in a variety of languages, including Java, C++, Perl, COM and so on. A memory misreference vulnerability exists in...

CVSS 10 | AI score 9.6 | EPSS 0.02173
Exploits 0 | References 1

Prion
added 2009/08/11 6:30 p.m. | 8 views

Stack overflow

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

CVSS 4.3 | AI score 6.7 | EPSS 0.14146
Exploits 1 | References 15 | Affected Software 1

NVD
added 2009/08/11 6:30 p.m. | 12 views

CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

CVSS 4.3 | AI score 6 | EPSS 0.14146
Exploits 1 | References 15

Snyk
added 2009/08/11 6:30 p.m. | 2 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds. Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested...

CVSS 4.3 | AI score 6.8 | EPSS 0.14146
Exploits 1 | References 2

CVE
added 2009/08/11 6:00 p.m. | 60 views

CVE-2009-1885

The CVE-2009-1885 entry concerns a stack-consumption vulnerability in Apache Xerces-C++ (validator DTDScanner.cpp) affecting Xerces-C++ 2.7.0 and 2.8.0, enabling a context-dependent DoS (crash) via deeply nested DTD structures and invalid byte values, as demonstrated by the XML fuzzing framework....

CVSS 4.3 | AI score 6.1 | EPSS 0.14146
Exploits 1 | References 15 | Affected Software 1

Cvelist
added 2009/08/11 6:00 p.m. | 13 views

CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

AI score 6 | EPSS 0.14146
Exploits 1 | References 15