It was discovered that Xerces-C++ XML Parser mishandles certain kinds of
external DTD references, resulting in a user-after-free. An attacker could
use this vulnerability to cause a denial of service (crash) or possibly
execute arbitrary code. This issue affected only Ubuntu 16.04 ESM.
(CVE-2016-2099)
It was discovered that Xerces-C++ XML Parser fails to successfully parse a
DTD that is too deeply nested. An unauthenticated attacker could use this
vulnerability to cause a denial of service. This issue affected only Ubuntu
16.04 ESM. (CVE-2016-4463)
It was discovered that Xerces-C++ mishandles certain kinds of external DTD
references, resulting in dereference of a NULL pointer. An attacker could
use this vulnerability to cause a denial of service. (CVE-2017-12627)