expat2 -- denial of service

ID FF76F0E0-3F11-11E6-B3C8-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2016-11-30T00:00:00


Adam Maris reports:

It was found that the original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch.
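One common way an overflow check gets optimized out, shown as an added illustration (this is not expat's code or the patch the advisory refers to; the function names and the buffer-growth scenario are hypothetical): a test that runs after a signed addition depends on undefined behaviour, while a test against the remaining headroom before the addition does not.

```c
#include <limits.h>
#include <stdio.h>

/* Fragile: adds first, then looks for wraparound. Signed overflow is
 * undefined behaviour in C, so an optimizer may assume the sum never
 * wraps and delete the comparison entirely. */
int grow_fragile(int used, int extra, int *out)
{
    int total = used + extra;   /* undefined when the sum exceeds INT_MAX */
    if (total < used)           /* candidate for removal at higher -O levels */
        return -1;
    *out = total;
    return 0;
}

/* Robust: compares against the available headroom before adding, so no
 * overflowing expression is ever evaluated and nothing can be elided. */
int grow_checked(int used, int extra, int *out)
{
    if (used < 0 || extra < 0 || extra > INT_MAX - used)
        return -1;
    *out = used + extra;
    return 0;
}

/* Alternative for GCC 5+ and Clang: the builtin reports overflow with
 * defined semantics instead of relying on wraparound. */
int grow_builtin(int used, int extra, int *out)
{
    if (used < 0 || extra < 0)
        return -1;
    return __builtin_add_overflow(used, extra, out) ? -1 : 0;
}

int main(void)
{
    int out = 0;
    /* Constructed inputs. grow_fragile is only called with a sum that
     * fits: with an overflowing sum its result depends on the compiler
     * and optimization level, which is the defect being illustrated. */
    printf("fragile small: %d\n", grow_fragile(1000, 24, &out));
    printf("checked big:   %d\n", grow_checked(INT_MAX - 10, 100, &out));
    printf("builtin big:   %d\n", grow_builtin(INT_MAX - 10, 100, &out));
    return 0;
}
```

Comparing the disassembly of `grow_fragile` at `-O0` and `-O2` shows whether a given compiler keeps the comparison.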