| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Denial of service |
|
| Description |
| + |
A security issue has been found in libexpat before 2.2.8, where crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read |
|
| References |
| + |
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html |
| + |
https://crbug.com/1004341 |
| + |
https://github.com/libexpat/libexpat/issues/317 |
| + |
https://github.com/libexpat/libexpat/pull/318 |
|
| Notes |
|