CVE-2013-2210: Apache Santuario XML Security for C++ contains a heap
overflow during XPointer evaluation

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Apache Santuario XML Security for C++ library versions
prior to V1.7.2

Description: The attempted fix to address CVE-2013-2154 introduced the
possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code.

An attacker could use this to exploit an application performing
signature verification if the application does not block the
evaluation of such references prior to performing the verification
step. The exploit would occur prior to the actual verification of
the signature, so does not require authenticated content.

Mitigation: Applications that do not otherwise prevent the evaluation of
XPointer expressions during signature verification and are using library
versions older than V1.7.2 should upgrade as soon as possible. Distributors
of older versions should apply the patches from this subversion revision:

http://svn.apache.org/viewvc?view=revision&revision=r1496703

Credit: This issue was reported by Jon Erickson of iSIGHT Partners Labs

References:
http://santuario.apache.org/
http://santuario.apache.org/secadv.data/CVE-2013-2154.txt