CVE-2013-2210

EPSS 1.6%

xml-security-c - heap overflow

Published: 8/20/2013Modified: 4/28/2026

Description

Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154.

Affected packages (2)

Debian/xml-security-cfrom 0, < 1.6.1-7
Debian/xml-security-cfrom 0, < 1.5.1-3+squeeze3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-2210