Expat is a fast streaming XML parser written in C. Expat is vulnerable in versions prior to 2.4.3. The vulnerability stems from m_groupSize in Expat’s xmlparse.c that does not properly validate data boundaries when performing operations on memory, resulting in incorrect read and write operations being performed to other memory locations associated with it. No detailed vulnerability details are currently available.