Your submission was sent successfully! Close

CVE-2016-0729

Published: 07 April 2016

Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
xerces-c
Launchpad, Ubuntu, Debian
Upstream
Released (V3.1.3)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(3.1.3+debian-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(3.1.3+debian-1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (3.1.1-5.1+deb8u1build0.14.04.1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1727978