CVE-2019-15903 log

Severity Medium
Remote Yes
Type Denial of service
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
AVG-1054 thunderbird 68.1.1-1 68.2.0-1 Critical Fixed
AVG-1053 chromium 77.0.3865.120-1 78.0.3904.70-1 High Fixed
Date Advisory Group Package Severity Type
26 Oct 2019 ASA-201910-17 AVG-1053 chromium High multiple issues
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
26 Oct 2019 ASA-201910-15 AVG-1054 thunderbird Critical multiple issues