The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a...
Moderate severity
Unreviewed
Published May 24, 2022 to the GitHub Advisory Database • Updated Feb 16, 2024
Description
Published by the National Vulnerability Database: Dec 18, 2019
The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library and has no current mitigation other than to disable DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.
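As an added example (not code from Xerces-C or from this advisory), here is a pre-parse screen in C++ that refuses any document whose prolog carries a DOCTYPE declaration, which can back up the parser-level setting described above. The names `screen_prolog` and `safe_to_parse` and the sample document are constructed for illustration; the screen assumes UTF-8/ASCII input and reports anything else as unsupported so the caller fails closed.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Outcome of screening the prolog (everything before the root element).
enum class Prolog { NoDoctype, HasDoctype, Unsupported };

// Return the index just past `close`, searching from pos; npos if unterminated.
static std::size_t skip_to(const std::string& s, std::size_t pos, const char* close) {
    std::size_t end = s.find(close, pos);
    return end == std::string::npos ? end : end + std::char_traits<char>::length(close);
}

// Scan only the prolog. Input that cannot be interpreted with certainty
// (other encodings, stray text, unterminated constructs) is Unsupported.
Prolog screen_prolog(const std::string& xml) {
    if (xml.find('\0') != std::string::npos) return Prolog::Unsupported;  // UTF-16/32
    std::size_t i = (xml.compare(0, 3, "\xEF\xBB\xBF") == 0) ? 3 : 0;     // UTF-8 BOM
    while (i < xml.size()) {
        unsigned char c = xml[i];
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') { ++i; continue; }
        if (c != '<') return Prolog::Unsupported;            // text before the root
        if (xml.compare(i, 4, "<!--") == 0)           i = skip_to(xml, i + 4, "-->");
        else if (xml.compare(i, 2, "<?") == 0)        i = skip_to(xml, i + 2, "?>");
        else if (xml.compare(i, 9, "<!DOCTYPE") == 0) return Prolog::HasDoctype;
        else if (xml.compare(i, 2, "<!") == 0)        return Prolog::Unsupported;
        else return Prolog::NoDoctype;                       // root element start tag
        if (i == std::string::npos) return Prolog::Unsupported;  // unterminated comment/PI
    }
    return Prolog::Unsupported;                              // no root element found
}

// Fail closed: only documents positively shown to lack a DOCTYPE go to the parser.
bool safe_to_parse(const std::string& xml) {
    return screen_prolog(xml) == Prolog::NoDoctype;
}

int main() {
    // Constructed sample: a document that references an external DTD.
    const std::string doc = "<?xml version=\"1.0\"?>\n<!DOCTYPE r SYSTEM \"ext.dtd\">\n<r/>";
    std::cout << (safe_to_parse(doc) ? "parse" : "reject") << "\n";
    return 0;
}
```

The screen supplements the parser feature or environment variable named in the advisory and does not replace it.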
References