

Published: 01 March 2018

In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.

From the Ubuntu security team

It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service.



CVSS 3 base score: 9.8


Package Release Status
Launchpad, Ubuntu, Debian
Released (3.1.4+debian-2+deb9u1, 3.2.1+debian-2)
Ubuntu 21.10 (Impish Indri) Not vulnerable
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Needed

Ubuntu 16.04 ESM (Xenial Xerus) Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Released (3.1.1-5.1+deb8u4build0.14.04.1)