In Apache Xerces-C XML Parser library prior to 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.
Debian Bug report logs - #894050
xerces-c: CVE-2017-12627: Null pointer dereference while processing the path to DTD allows denial of service
Package: src:xerces-c;
Maintainer for src:xerces-c is William Blough <bblough@debian.org>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 25 Mar 2018 20:03:01 ...
In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions ...
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution ...