It was discovered that xmlrpc-epi incorrectly handled lengths in the simplestring_addn function. A remote attacker could use this issue to cause applications using xmlrpc-epi such as PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "libxmlrpc-epi-dev": "0.54.2-1.1ubuntu0.1", "libxmlrpc-epi-dev-dbgsym": "0.54.2-1.1ubuntu0.1", "libxmlrpc-epi0": "0.54.2-1.1ubuntu0.1", "libxmlrpc-epi0-dbg": "0.54.2-1.1ubuntu0.1", "libxmlrpc-epi0-dbgsym": "0.54.2-1.1ubuntu0.1" } ] }