CVE-2017-12627

Severity: High
Remote: Yes
Type: Arbitrary code execution
Description
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution.
Group    Package   Affected  Fixed    Severity  Status  Ticket
AVG-644  xerces-c  3.2.0-2   3.2.1-1  High      Fixed
Date         Advisory       Group    Package   Severity  Description
25 Mar 2018  ASA-201803-23  AVG-644  xerces-c  High      arbitrary code execution
References
https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt