It was discovered that Xerces-C++ XML Parser mishandles certain kinds of external DTD references, resulting in a user-after-free. An attacker could use this vulnerability to cause a denial of service (crash) or possibly execute arbitrary code. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-2099)
It was discovered that Xerces-C++ XML Parser fails to successfully parse a DTD that is too deeply nested. An unauthenticated attacker could use this vulnerability to cause a denial of service. This issue affected only Ubuntu 16.04 ESM. (CVE-2016-4463)
It was discovered that Xerces-C++ mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer. An attacker could use this vulnerability to cause a denial of service. (CVE-2017-12627)
{ "binaries": [ { "binary_name": "libxerces-c-dev", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-doc", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-samples", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-samples-dbgsym", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" }, { "binary_name": "libxerces-c3.1", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" }, { "binary_name": "libxerces-c3.1-dbgsym", "binary_version": "3.1.3+debian-1ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "libxerces-c-dev", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-doc", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-samples", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" }, { "binary_name": "libxerces-c-samples-dbgsym", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" }, { "binary_name": "libxerces-c3.2", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" }, { "binary_name": "libxerces-c3.2-dbgsym", "binary_version": "3.2.0+debian-2ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }