[3.1] expat: Multiple integer overflows in the XML_GetBuffer function (CVE-2015-1283)
Multiple integer overflows in the XML_GetBuffer function in Expat
through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other
products,
allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted XML
data, a related issue to CVE-2015-2716.
References:
http://expat.sourceforge.net
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1283
(from redmine: issue id 5570, created on 2016-05-16, closed on 2016-06-15)
- Relations:
- parent #5567 (closed)
- Changesets:
- Revision ce27c107 on 2016-06-15T07:25:18Z:
main/expat: security upgrade to 2.1.1 (CVE-2015-1283). Fixes #5570