CVE-2015-0252

Published: 24 March 2015

internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.

Priority

Status

Package	Release	Status
xerces-c Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (3.1.1-1+deb6u1build0.12.04.1)
	trusty	Released (3.1.1-5.1~build0.14.04.1)
	upstream	Released (3.1.1-5.1)
	utopic	Released (3.1.1-5.1~build0.14.10.1)
	vivid	Released (3.1.1-5.1~build0.15.04.1)
	Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1667870

References

http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
https://www.cve.org/CVERecord?id=CVE-2015-0252
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780827
https://launchpad.net/bugs/1449316

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›