libexpat - (bulletinoct2019)| ID: oval:org.secpod.oval:def:2105077 | Date: (C)2019-12-30 (M)2024-04-15 |
| Class: PATCH | Family: unix |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
| Product: |
| runtime/python-27 |
| runtime/python-27/tests |
| library/python/tkinter-27 |
| library/expat |
| web/data/firefox-bookmarks |
| web/browser/firefox |
| mail/thunderbird |
| mail/thunderbird/plugin/thunderbird-lightning |
