Francisco Oca

**Name of the Vulnerable Software and Affected Versions** Apache Xerces-C XML Parser library versions prior to 3.2.1 **Description** The issue is related to the incorrect processing of external DTD paths in the Apache Xerces-C XML Parser library, which can lead to a null pointer dereference under certain conditions. This can potentially allow a remote attacker to cause a denial of service. **Recommendations** For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue. As a temporary workaround, consider restricting the processing of external DTD paths until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Poppler versions prior to 0.56 **Description** The issue is related to a stack buffer overflow in GfxState.cc in pdftocairo, which can be triggered by a crafted PDF document, leading to a denial of service (application crash). **Recommendations** For versions prior to 0.56, update to version 0.56 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Poppler versions prior to 0.56 **Description** The issue is related to an integer overflow that leads to a heap buffer overflow in the JBIG2Stream.cc file within the pdftocairo component of Poppler. This can be triggered by remote attackers using a crafted PDF document, potentially causing a denial of service (application crash) or other unspecified impacts. **Recommendations** For versions prior to 0.56, update to version 0.56 or later to resolve the issue. As a temporary workaround, consider restricting the handling of PDF documents from untrusted sources until the update is applied.