oss-sec mailing list archives
CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
From: Arrigo Marchiori <ardovm () apache org>
Date: Thu, 28 Dec 2023 22:05:32 +0100
Severity: Moderate

Affected versions:

- Apache OpenOffice through 4.1.15

Description:

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

References:

https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-43680

--
Arrigo