CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.2

Description: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but it is a denial of service that, in many applications, may allow an unauthenticated attacker to supply malformed input and cause a crash.

Mitigation: Applications that are using library versions older than V3.1.2 should upgrade as soon as possible. Distributors of older versions should apply the patches from this subversion revision: http://svn.apache.org/viewvc?view=revision&revision=1667870

Credit: This issue was reported independently by Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and by Ben Laurie of Google.

References: http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt
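An added check, not part of the Apache advisory, that applies the threshold above: a POSIX shell function deciding whether a Xerces-C version string predates the fixed release V3.1.2, plus a wrapper that asks pkg-config for the installed version (the `xerces-c` pkg-config module name is an assumption).

```shell
#!/bin/sh
# Added example (not from the Apache advisory): is an installed Xerces-C
# older than V3.1.2, the first release without the CVE-2015-0252 crash?

FIXED_VERSION="3.1.2"

# numeric_version STR -> prints the leading dotted-digit part of STR,
# e.g. "3.1.2" from "v3.1.2-1" or "3.1.2rc1".
numeric_version() {
    v="$1"
    v=${v#"${v%%[0-9]*}"}          # drop a leading non-digit prefix such as "v"
    printf '%s\n' "${v%%[!0-9.]*}" # drop a suffix such as "-1" or "rc1"
}

# version_lt A B -> exit 0 if A is strictly older than B, comparing
# major.minor.patch numerically (missing components count as 0).
version_lt() {
    a=$(numeric_version "$1"); b=$(numeric_version "$2")
    i=1
    while [ "$i" -le 3 ]; do
        pa=$(printf '%s\n' "$a" | cut -d. -f"$i")
        pb=$(printf '%s\n' "$b" | cut -d. -f"$i")
        pa=${pa:-0}; pb=${pb:-0}
        if [ "$pa" -lt "$pb" ]; then return 0; fi
        if [ "$pa" -gt "$pb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1 # equal versions are not older
}

# xerces_vulnerable VERSION -> exit 0 if VERSION predates the fixed release.
xerces_vulnerable() {
    version_lt "$1" "$FIXED_VERSION"
}

# installed_xerces_version -> prints the version pkg-config reports.
# Assumption: the library installed a xerces-c.pc file.
installed_xerces_version() {
    pkg-config --modversion xerces-c 2>/dev/null
}

# check_installed -> 0 if fixed, 1 if affected, 2 if no library was found.
check_installed() {
    v=$(installed_xerces_version) || { echo "xerces-c not found via pkg-config"; return 2; }
    if xerces_vulnerable "$v"; then
        echo "xerces-c $v predates $FIXED_VERSION: affected by CVE-2015-0252"; return 1
    fi
    echo "xerces-c $v is $FIXED_VERSION or newer: not affected"; return 0
}

if [ "${1:-}" = "--check" ]; then check_installed; fi
```

Run the script with `--check` on a host to report on its installed library; packaged builds that backported the revision 1667870 patches without bumping the version will still be reported as affected, so treat that result as a prompt to verify, not a final answer.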