vulnerability

Ubuntu: (CVE-2024-23807): xerces-c vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Feb 29, 2024	Jan 19, 2026	Jan 19, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Feb 29, 2024

Added

Jan 19, 2026

Modified

Jan 19, 2026

Description

The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs.

Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable.

This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.

Solution

ubuntu-pro-upgrade-xerces-c

References

CVE-2024-23807
https://attackerkb.com/topics/CVE-2024-23807
CWE-416
URL-https://www.cve.org/CVERecord?id=CVE-2024-23807

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today