CVE-2016-2099: xerces-c: Use-after-free in heap on specially crafted XML input

Severity: Critical

CVSS Score: 9.8

Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.