CVE-2019-15903 log

Source
Severity Medium
Remote Yes
Type Denial of service
Description
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Group     Package      Affected         Fixed           Severity  Status  Ticket
AVG-1055  firefox      69.0.3-1         70.0-1          Critical  Fixed
AVG-1054  thunderbird  68.1.1-1         68.2.0-1        Critical  Fixed
AVG-1053  chromium     77.0.3865.120-1  78.0.3904.70-1  High      Fixed
Date         Advisory       Group     Package      Severity  Type
26 Oct 2019  ASA-201910-17  AVG-1053  chromium     High      multiple issues
26 Oct 2019  ASA-201910-16  AVG-1055  firefox      Critical  multiple issues
26 Oct 2019  ASA-201910-15  AVG-1054  thunderbird  Critical  multiple issues
References
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
https://crbug.com/1004341
https://github.com/libexpat/libexpat/issues/317
https://github.com/libexpat/libexpat/pull/318