oss-sec mailing list archives

CVE-2016-0718: Expat XML Parser Crashes on Malformed Input


From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 17 May 2016 17:16:17 -0300

CVE-2016-0718: Expat XML Parser Crashes on Malformed Input

Severity: Critical

Versions Affected: All Expat XML Parser library versions

Description: The Expat XML parser mishandles certain kinds of malformed
input documents, resulting in buffer overflows during processing and error
reporting. The overflows can manifest as a segmentation fault or as memory
corruption during a parse operation. The bugs allow for a denial of service
attack in many applications by an unauthenticated attacker, and could
conceivably result in remote code execution.

Mitigation: Applications that are using Expat should apply the
attached patch as soon as possible.

Credit: this issue was reported by Gustavo Grieco

and patched by:

* Pascal Cuoq
* Christian Heimes
* Karl Waclawek
* Gustavo Grieco
* Sebastian Pipping

Attachment: CVE-2016-0718-v2-2-1.patch