VDB

GCVE-VVD-MAGEIA-2018-178

GCVE-VVD-MAGEIA-2018-178
Advisory Published
Vulnetix · Advisory published December 1, 2018
The Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution (CVE-2017-12627).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiakmod-virtualbox0 (affected), 5.2.22-2.mga6 (unaffected)
Mageiavirtualbox0 (affected), 5.2.22-1.1.mga6 (unaffected)
Mageiakmod-vboxadditions0 (affected), 5.2.22-2.mga6 (unaffected)
Mageiaxerces-c0 (affected), 3.1.2-1.4.mga5 (unaffected), 0 (affected), 3.1.2-1.4.mga5 (unaffected)

Aliases

CVE-2017-12627

Transitive aliases

VVD-MAGEIA-2018-158BDU:2019-00445GHSA-rh3v-mpfh-4wwjEUVD-2017-4173

References

Updated xerces-c packages fix security vulnerability
advisory
Updated xerces-c packages fix security vulnerability
issue
Updated xerces-c packages fix security vulnerability
issue
Updated virtualbox packages fix missing kvm auto-detection
advisory
Updated virtualbox packages fix missing kvm auto-detection
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›