Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, due to not properly handling invalid characters in XML input documents in the DTDScanner (CVE-2016-2099).
{ "section": "core" }