rpm package
suse/Xerces-c&distro=SUSE Linux Enterprise Software Development Kit 11 SP4
pkg:rpm/suse/Xerces-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-12627 | Cri | 9.8 | < 2.8.0-29.17.5.1 | 2.8.0-29.17.5.1 | Mar 1, 2018 | In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions. | |
| CVE-2016-4463 | Hig | 7.5 | < 2.8.0-29.17.5.1 | 2.8.0-29.17.5.1 | Jul 8, 2016 | Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD. |
- affected < 2.8.0-29.17.5.1fixed 2.8.0-29.17.5.1
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
- affected < 2.8.0-29.17.5.1fixed 2.8.0-29.17.5.1
Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows context-dependent attackers to cause a denial of service via a deeply nested DTD.