raptor2: heap-based buffer overflow flaws (CVE-2017-18926)
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-18926
Patch:
https://github.com/dajobe/raptor/commit/590681e546cd9aa18d57dc2ea1858cb734a3863f
Affected branches:
-
master -
3.12-stable