Package | xerces-c |
---|---|
Version | 3.1.1-5.1+deb8u6 (jessie), 3.1.4+debian-2+deb9u3 (stretch) |
Related CVEs | CVE-2023-37536 |
Even Rouault discovered that xerces-c, a validating XML parser library for C++, was vulnerable to an integer overflow triggered by crafted .xsd files, which can lead to out-of-bounds access.
For Debian 8 jessie, this problem has been fixed in version 3.1.1-5.1+deb8u6.
For Debian 9 stretch, this problem has been fixed in version 3.1.4+debian-2+deb9u3.
We recommend that you upgrade your xerces-c packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.
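To check package inventory data away from the hosts themselves, where `dpkg --compare-versions` is not at hand, the following added example (not part of the advisory or of any Debian tooling) compares an installed version against the fixed versions listed above using dpkg's version ordering rules. The function names, status strings and inventory rows are assumptions made for illustration.

```python
import re

# Fixed versions per release, copied from the advisory above.
FIXED = {"jessie": "3.1.1-5.1+deb8u6", "stretch": "3.1.4+debian-2+deb9u3"}

def _order(c):
    # dpkg order: '~' < end of string (0) < letters < other punctuation.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Alternate between a non-digit run (character order) and a digit run (numeric).
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            x = _order(na[i]) if i < len(na) else 0
            y = _order(nb[i]) if i < len(nb) else 0
            if x != y:
                return -1 if x < y else 1
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen.
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, rev = rest.rpartition("-")
    return (epoch, upstream, rev) if sep else (epoch, rest, "")

def compare(v1, v2):
    # Returns -1, 0 or 1; the first differing field (epoch, upstream, revision) decides.
    return next((r for r in map(_cmp_part, _split(v1), _split(v2)) if r), 0)

def status(release, installed):
    if release not in FIXED:
        return "unknown-release"
    return "fixed" if compare(installed, FIXED[release]) >= 0 else "needs-upgrade"

# Constructed inventory rows (host, release, installed version), not real hosts.
INVENTORY = [("web1", "jessie", "3.1.1-5.1+deb8u5"),
             ("app2", "stretch", "3.1.4+debian-2+deb9u3")]
if __name__ == "__main__":
    for host, rel, ver in INVENTORY:
        print(host, rel, ver, status(rel, ver))
```

A plain string comparison would rank `deb8u10` below `deb8u6`; the numeric handling of digit runs is what keeps later security uploads from being flagged as needing an upgrade.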