FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat -- multiple vulnerabilities

Affected packages
expat < 2.2.1
libwww < 5.4.2

Details

VuXML ID e375ff3f-7fec-11e8-8088-28d244aee256
Discovery 2016-10-27
Entry 2018-07-05

Mitre reports:

An integer overflow during the parsing of XML using the Expat library.

[source]

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

[source]

References

CVE Name CVE-2016-9063
CVE Name CVE-2017-9233
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9233
URL https://libexpat.github.io/doc/cve-2017-9233/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.