libexpat - (bulletinoct2019)ID: oval:org.secpod.oval:def:2105077 | Date: (C)2019-12-30 (M)2024-04-17 |
Class: PATCH | Family: unix |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Product: |
runtime/python-27 |
runtime/python-27/tests |
library/python/tkinter-27 |
library/expat |
web/data/firefox-bookmarks |
web/browser/firefox |
mail/thunderbird |
mail/thunderbird/plugin/thunderbird-lightning |