You are viewing a plain text version of this content. The canonical link for it is here.

Posted to c-dev@xerces.apache.org by "Even Rouault (Jira)" <xe...@xml.apache.org> on 2022/01/23 15:35:00 UTC

[jira] [Commented] (XERCESC-2188) Use-after-free on external DTD scan

    [ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480656#comment-17480656 ] 

Even Rouault commented on XERCESC-2188:
---------------------------------------

My attempt at fixing the issue in https://github.com/apache/xerces-c/pull/47

> Use-after-free on external DTD scan
> -----------------------------------
>
>                 Key: XERCESC-2188
>                 URL: https://issues.apache.org/jira/browse/XERCESC-2188
>             Project: Xerces-C++
>          Issue Type: Bug
>          Components: Validating Parser (DTD)
>    Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3, 3.1.4, 3.2.1, 3.2.2
>            Reporter: Scott Cantor
>            Priority: Major
>         Attachments: Apache-496067-disclosure-report.pdf
>
>
> This is a record of an unfixed bug reported in 2018 in the DTD scanner, per the attached PDF, corresponding to CVE-2018-1311.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@xerces.apache.org
For additional commands, e-mail: c-dev-help@xerces.apache.org