Vulnerabilities > Apache > Xerces C > 2.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-01 | CVE-2017-12627 | NULL Pointer Dereference vulnerability in Apache Xerces-C++. In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | 7.5 |
2016-07-08 | CVE-2016-4463 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. | 7.5 |
2016-05-13 | CVE-2016-2099 | Use-After-Free Remote Code Execution vulnerability in Apache Xerces. Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document. | 10.0 |
2009-08-11 | CVE-2009-1885 | Buffer Errors vulnerability in Apache Xerces-C++ 2.7.0/2.8.0. Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework. | 4.3 |
2008-10-08 | CVE-2008-4482 | Improper Input Validation vulnerability in Apache Xerces-C++. The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file. | 7.8 |