{"id":"MGASA-2017-0214","summary":"Updated expat packages fix security vulnerabilities","details":"Gustavo Grieco discovered an integer overflow flaw during parsing of\nXML. An attacker can take advantage of this flaw to cause a denial of\nservice against an application using the Expat library (CVE-2016-9063).\n\nRhodri James discovered an infinite loop vulnerability within the\nentityValueInitProcessor() function while parsing malformed XML in an\nexternal entity. An attacker can take advantage of this flaw to cause a\ndenial of service against an application using the Expat library\n(CVE-2017-9233).\n","modified":"2026-04-16T01:47:25.771470176Z","published":"2017-07-23T19:58:56Z","upstream":["CVE-2016-9063","CVE-2017-9233"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0214.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21108"},{"type":"WEB","url":"https://www.debian.org/security/2017/dsa-3898"}],"affected":[{"package":{"name":"expat","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/expat?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-9.5.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0214.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}