CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input

Cantor, Scott cantor.2 at osu.edu
Mon Mar 14 17:34:18 EDT 2016


> Am I correct that an unpatched system is susceptible to a remote code
> execution, or is it just a service crash?

If you ask me, the answer is I don't know and I assume the worst. If you ask Red Hat, the advisory they issued says they think it's just a crash. You would have to ask them why they concluded that, but the CVE text I provided was consistent in referring to it as a potential remote code execution vulnerability.

-- Scott


