[3.0] expat: Multiple integer overflows in the XML_GetBuffer function (CVE-2015-1283)
Multiple integer overflows in the XML_GetBuffer function in Expat
through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other
products,
allow remote attackers to cause a denial of service (heap-based buffer
overflow) or possibly have unspecified other impact via crafted XML
data, a related issue to CVE-2015-2716.
References:
http://expat.sourceforge.net
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1283
(from redmine: issue id 5571, created on 2016-05-16, closed on 2016-06-02)
- Relations:
- parent #5567 (closed)