CVE-2009-1885
EPSS 14.1%
Description
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrated by the Codenomicon XML fuzzing framework.
How to fix CVE-2009-1885
To remediate CVE-2009-1885, upgrade the affected package to a fixed version below.
- Debian/xerces-c: upgrade to 3.0.1-2 or later
Is CVE-2009-1885 being exploited?
Moderate — EPSS is 14.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Debian/xerces-c: all versions from 0 up to, but not including, 3.0.1-2