oss-sec mailing list archives
CVE-2016-0718: Expat XML Parser Crashes on Malformed Input
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Tue, 17 May 2016 17:16:17 -0300
CVE-2016-0718: Expat XML Parser Crashes on Malformed Input Severity: Critical Versions Affected: All Expat XML Parser library versions Description: The Expat XML parser mishandles certain kinds of malformed input documents, resulting in buffer overflows during processing and error reporting. The overflows can manifest as a segmentation fault or as memory corruption during a parse operation. The bugs allow for a denial of service attack in many applications by an unauthenticated attacker, and could conceivably result in remote code execution. Mitigation: Applications that are using Expat should apply the attached patch as soon as possible. Credit: this issue was reported by Gustavo Grieco and patched by: * Pascal Cuoq * Christian Heimes * Karl Waclawek * Gustavo Grieco * Sebastian Pipping
Attachment:
CVE-2016-0718-v2-2-1.patch
Description:
Current thread:
- CVE-2016-0718: Expat XML Parser Crashes on Malformed Input Gustavo Grieco (May 17)