{"id":"MGASA-2015-0136","summary":"Updated xerces-c packages fix security vulnerabilities","details":"Updated xerces-c packages fix security vulnerability:\n\nAnton Rager and Jonathan Brossard from the Salesforce.com Product Security\nTeam and Ben Laurie of Google discovered a denial of service vulnerability in\nxerces-c. The parser mishandles certain kinds of malformed input documents,\nresulting in a segmentation fault during a parse operation. An\nunauthenticated attacker could use this flaw to cause an application using\nthe xerces-c library to crash (CVE-2015-0252).\n","modified":"2026-04-16T06:23:16.236469363Z","published":"2015-04-09T22:44:14Z","upstream":["CVE-2015-0252"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0136.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15538"},{"type":"ADVISORY","url":"http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"},{"type":"WEB","url":"https://www.debian.org/security/2015/dsa-3199"}],"affected":[{"package":{"name":"xerces-c","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/xerces-c?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.1.2-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0136.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}