The XML parser in Xerces-C++ 2.5.0 allows remote malicious users to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
apache xerces-c++ 2.5.0