A vulnerability in the XMLTooling-C library of Shibboleth Service Provider could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition on a targeted system. The vulnerability exists because the affected software mishandles invalid data in the XML declaration. An attacker could exploit this vulnerability by submitting crafted XML input to a targeted system. A successful exploit could cause the application to crash, resulting in a DoS condition. Shibboleth Consortium has confirmed the vulnerability and released software updates.