
Apache Xerces

[ MDVSA-2009:223 ] xerces-c

 Problem Description:

 A vulnerability has been found and corrected in xerces-c:
 
 Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in
 Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to
 cause a denial of service (application crash) via vectors involving
 nested parentheses and invalid byte values in simply nested DTD
 structures, as demonstrated by the Codenomicon XML fuzzing framework
 (CVE-2009-1885).
 

[ MDVSA-2009:223-1 ] xerces-c

 Problem Description:

 A vulnerability has been found and corrected in xerces-c:
 
 Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in
 Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to
 cause a denial of service (application crash) via vectors involving
 nested parentheses and invalid byte values in simply nested DTD
 structures, as demonstrated by the Codenomicon XML fuzzing framework
 (CVE-2009-1885).
 

Outdated and vulnerable OpenSource libraries used in "Deutsche Telekom" home banking software

- the library LIBCURL.DLL of the outdated, unsupported and
  vulnerable cURL 7.14.1 from 2005-09-05 (see
  <http://curl.haxx.se/libcurl/>);

- the libraries xerces-c_2_6.dll and xerces-depdom_2_6.dll of
  the outdated and unsupported Xerces 2.6 (see
  <http://xerces.apache.org/xerces-c/releases.html> as well as
  <http://xerces.apache.org/xerces-c/releases_archive.html>);

- the library CM32L7.DLL of vendor "combit GmbH" which has been



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
