xerces-c

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A validating XML parser written in a portable subset of C++
Version 3.2.5-2 [extra]

Open

Group Affected Fixed Severity Status Ticket
AVG-1354 3.2.3-5 Medium Vulnerable
Issue Group Severity Remote Type Description
CVE-2018-1311 AVG-1354 Medium Yes Arbitrary code execution
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after- free error triggered during the scanning of external DTDs. This flaw has not been...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-644 3.2.0-2 3.2.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2017-12627 AVG-644 High Yes Arbitrary code execution
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the...

Advisories

Date Advisory Group Severity Type
25 Mar 2018 ASA-201803-23 AVG-644 High arbitrary code execution