oss-sec mailing list archives
CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat
From: Arrigo Marchiori <ardovm () apache org>
Date: Wed, 3 Jan 2024 10:01:09 +0100
*** This announcement is a correction to the one sent on 28 December 2023. ***
The "Affected versions" information was wrong.

Severity: Moderate

Affected versions:

- Apache OpenOffice through 4.1.14

Description:

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

References:

https://openoffice.apache.org/
https://www.cve.org/CVERecord?id=CVE-2022-43680

--
Arrigo