A denial-of-service vulnerability in the XML parser in Apache Xerces Java version 2.12.1 and prior versions stems from a failure to properly process incoming error messages, which could be exploited by an attacker to cause a specially crafted XML document load to XercesJXML parser to wait in an infinite loop, which in turn consumes system resources for a long time.