FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

apache-xml-security-c -- heap overflow during XPointer evaluation

Affected packages
apache-xml-security-c < 1.7.2

Details

VuXML ID 81da673e-dfe1-11e2-9389-08002798f6ff
Discovery 2013-06-27
Entry 2013-06-28

The Apache Software Foundation reports:

The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code.

References

CVE Name CVE-2013-2210
URL http://santuario.apache.org/secadv.data/CVE-2013-2210.txt