Launchpad.net

CVE 2013-2154

Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function.

Related bugs and status

CVE-2013-2154 (Candidate) is related to these bugs:

Bug #1192874: heap overflow while processing InclusiveNamespace PrefixList

		In	Importance	Status
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Saucy)	Undecided	Fix Released

Bug #1199969: Fix for CVE-2013-2154 introduced another possible heap overflow

		In	Importance	Status
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu)	High	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2154

Related bugs and status

Related bugs

References