DSA-3898-1 expat -- expatID: oval:org.secpod.oval:def:602951 | Date: (C)2017-07-05 (M)2024-01-29 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in Expat, an XML parsing C library. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-9063 Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library. CVE-2017-9233 Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library.
Platform: |
Debian 8.x |
Debian 9.x |
Product: |
expat |
libexpat1 |
lib64expat1 |