CVE-2017-12627

Published: 01 March 2018

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

From the Ubuntu security team

It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package: xerces-c (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (3.1.4+debian-2+deb9u1, 3.2.1+debian-2)
Ubuntu 21.10 (Impish Indri): Not vulnerable (3.2.1+debian-2)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (3.2.1+debian-2)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (3.2.1+debian-2)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr): Released (3.1.1-5.1+deb8u4build0.14.04.1)