Security Advisory Description
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. (CVE-2022-43680)
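The bug class described above, as a simplified model: a child parser borrows its parent's DTD, an allocation fails during creation, and the error path destroys the DTD the parent still points at. This is an added example, not libexpat code; every type and function name in it is hypothetical, and an `alive` flag stands in for the real deallocation so the outcome can be inspected safely.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model types, not libexpat's structures. */
typedef struct { bool alive; } Dtd;
typedef struct { Dtd *dtd; bool owns_dtd; } Parser;

static bool simulate_oom; /* constructed fault-injection switch */
static void *xmalloc(size_t n) { return simulate_oom ? NULL : malloc(n); }

/* Overeager cleanup: destroys whatever DTD the parser points at. */
static void parser_free_overeager(Parser *p) {
  if (p->dtd) p->dtd->alive = false; /* stands in for freeing the DTD */
  free(p);
}

/* Ownership-aware cleanup: only the owner may destroy the DTD. */
static void parser_free_checked(Parser *p) {
  if (p->dtd && p->owns_dtd) p->dtd->alive = false;
  free(p);
}

/* The child borrows the parent's DTD, then needs one more allocation. */
static Parser *child_create(Parser *parent, void (*cleanup)(Parser *)) {
  Parser *child = calloc(1, sizeof *child);
  if (!child) return NULL;
  child->dtd = parent->dtd; /* shared with the parent, not owned */
  child->owns_dtd = false;
  void *buf = xmalloc(64);
  if (!buf) { cleanup(child); return NULL; } /* out-of-memory error path */
  free(buf);
  return child;
}

/* Reports whether the parent's DTD survives a failed child creation. */
bool parent_dtd_survives(void (*cleanup)(Parser *)) {
  Dtd dtd = { true };
  Parser parent = { &dtd, true };
  simulate_oom = true;
  Parser *child = child_create(&parent, cleanup);
  simulate_oom = false;
  if (child) free(child);
  return parent.dtd->alive; /* false: parent is left with a dead DTD */
}

int main(void) {
  printf("overeager: alive=%d\n", parent_dtd_survives(parser_free_overeager));
  printf("checked:   alive=%d\n", parent_dtd_survives(parser_free_checked));
  return 0;
}
```

With the overeager cleanup the parent is left pointing at a destroyed DTD, which in a real parser is the dangling pointer a later access would dereference.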
Impact
System performance degradation can occur until the process is forced to restart. This vulnerability allows a remote authenticated attacker to cause a degradation of service that can lead to a denial-of-service (DoS) on the affected system.