CVE-2024-23807
CVE-2024-23807 affects the Apache Xerces-C++ XML parser (versions 3.0.0 up to, but not including, 3.2.5) due to a use-after-free when scanning external DTDs. Patched in 3.2.5; mitigations include disabling DTD processing (DOM: standard feature; SAX: XERCES_DISABLE_DTD). Connected documents corrob...
CVE-2018-1311
CVE-2018-1311 describes a use-after-free in the Apache Xerces-C++ XML parser when scanning external DTDs. Publicly reported ranges indicate impact on Xerces-C versions 3.0.0–3.2.3, with no fixes in those older maintained lines and mitigation limited to disabling DTD processing (via DOM feature or...
CVE-2017-12627
CVE-2017-12627 affects Xerces-C XML Parser prior to 3.2.1. Processing external DTD paths can cause a NULL pointer dereference, with potential denial of service and possible remote code execution in vulnerable configurations. Public advisories (Arch Linux ASA-201803-23 and Debian DLA-1328-1) confi...
CVE-2016-4463
CVE-2016-4463 affects the Xerces-C++ XML parser. A stack-based overflow occurs when processing deeply nested DTDs, allowing a context-dependent attacker to cause a denial of service. The vulnerability applies to Xerces-C++ versions before 3.1.4; the recommended remediation is upgrading to 3.1.4 o...
CVE-2023-37536
CVE-2023-37536: Xerces-C++ 3.2.3 in BigFix Platform is affected by an integer overflow that enables out-of-bounds access via crafted HTTP requests, potentially allowing remote code execution or application crash. Connected sources corroborate a vulnerable BigFix component and cite the overflow ...
CVE-2016-2099
The CVE-2016-2099 entry affects Apache Xerces-C++ up to version 3.1.3, with a use-after-free in validators/DTD/DTDScanner.cpp that can be triggered by an invalid character in an XML document. The issue enables context-dependent attackers to cause unspecified impact. Public advisories and vendor u...
CVE-2015-0252
CVE-2015-0252 affects the Xerces-C XML parser. A flaw in how the parser processes certain malformed XML causes a crash (segmentation fault) in xerces-c’s XMLReader, leading to a denial of service. Connected advisories confirm a patch was backported and an updated xerces-c package is released (Cen...
CVE-2012-0880
CVE-2012-0880 affects Apache Xerces-C++, allowing a remote attacker to cause a denial of service (CPU consumption) by sending a crafted XML message that triggers hash table collisions. Based on connected documents, impact is high (CVSS v3 base 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). Remediatio...
CVE-2004-1575
CVE-2004-1575 affects Xerces-C++ 2.5.0, where the XML parser can be induced to consume CPU (DoS) by crafted XML attributes. Public references (NVD/NIST, CVE records) classify the impact as a Denial of Service with a base score of 5.0 (Medium). Connected sources corroborate that the DoS arises fro...
CVE-2009-1885
The CVE-2009-1885 entry concerns a stack-consumption vulnerability in Apache Xerces-C++ (validator DTDScanner.cpp) affecting Xerces-C++ 2.7.0 and 2.8.0, enabling a context-dependent DoS (crash) via deeply nested DTD structures and invalid byte values, as demonstrated by the XML fuzzing framework....
CVE-2008-4482
Xerces-C++ vulnerability CVE-2008-4482: The XML parser (before 3.0.0) is exploitable via a crafted XML schema definition with a large maxOccurs value, causing excessive memory consumption during validation and leading to a denial of service (stack growth/crash). Affected component: Xerces-C++ XML...