xerces-c
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A validating XML parser written in a portable subset of C++ |
| Version | 3.2.5-2 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1354 | 3.2.3-5 | Medium | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2018-1311 | AVG-1354 | Medium | Yes | Arbitrary code execution | The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after- free error triggered during the scanning of external DTDs. This flaw has not been... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-644 | 3.2.0-2 | 3.2.1-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2017-12627 | AVG-644 | High | Yes | Arbitrary code execution | The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 Mar 2018 | ASA-201803-23 | AVG-644 | High | arbitrary code execution |