FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat -- multiple vulnerabilities

Affected packages
expat < 2.2.1
libwww < 5.4.2
linux-c6-expat <= 2.0.1_5
linux-c7-expat <= 2.1.0_2

Details

VuXML ID e375ff3f-7fec-11e8-8088-28d244aee256
Discovery 2016-10-27
Entry 2018-07-05

Mitre reports:

An integer overflow during the parsing of XML using the Expat library.

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

References

CVE Name CVE-2016-9063
CVE Name CVE-2017-9233
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
URL https://libexpat.github.io/doc/cve-2017-9233/