XML issue, NiXPS SDK unaffected
The Register reports
the discovery of an XML flaw that appears to affect a lot of different XML libraries, as such it seems to be more of a design issue with XML, than a regular software bug.
XPS contains a lot of XML, so it's an issue that is of interest to the XPS community.
The details are scarce, but by looking at the references on the CERT advisory
it seems to be related to the DTD an XML file can contain; and more specifically related to recursive DTD references.
The Apache software foundation publishes a very popular XML parsing library, Xerces.
They have implemented a fix, and the commit message
appears to be: 'Avoid recursion when parsing simply nested DTD structures.' So we can safely assume that DTD recursion is at play here.
Our NiXPS SDK does not contain a third party XML parsing library, as we regarded the XML processing very vital and core to XPS processing, that we decided not to use a third party library for this.
The XML parsing implementation in the NiXPS SDK is immune to this DTD recursion issue.