expat: arbitrary code execution

ID ASA-201603-23
Type archlinux
Reporter Arch Linux
Modified 2016-03-24T00:00:00


Multiple integer overflows in the XML_GetBuffer() function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.