Apache » Xerces-c++ : Security Vulnerabilities, CVEs, CVSS score >= 9
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Max CVSS
9.8
EPSS Score
2.76%
Published
2018-03-01
Updated
2021-07-31
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
Max CVSS
10.0
EPSS Score
0.37%
Published
2016-05-13
Updated
2018-10-30
2 vulnerabilities found