CVE-2009-1885

Apache Xerces C++ 2.7.0-2.8.0 - DoS

Title source: llm
STIX 2.1

Description

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35986
Various Sources x_refsource_misc
http://www.codenomicon.com/labs/xml/
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36201
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2196
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:223
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52321

Scores

EPSS 0.0532
EPSS Percentile 91.7%

Details

CWE
CWE-119
Status published
Products (2)
apache/xerces-c\+\+ 2.7.0
apache/xerces-c\+\+ 2.8.0
Published Aug 11, 2009
Tracked Since Feb 18, 2026