{"id":"MGASA-2024-0338","summary":"Updated mozjs78 packages fix security vulnerabilities","details":"An issue was discovered in libexpat before 2.6.3. xmlparse.c does not\nreject a negative length for XML_ParseBuffer. (CVE-2024-45490)\nAn issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c\ncan have an integer overflow for nDefaultAtts on 32-bit platforms (where\nUINT_MAX equals SIZE_MAX). (CVE-2024-45491)\nAn issue was discovered in libexpat before 2.6.3. nextScaffoldPart in\nxmlparse.c can have an integer overflow for m_groupSize on 32-bit\nplatforms (where UINT_MAX equals SIZE_MAX). (CVE-2024-45492)\n","modified":"2026-04-16T00:11:13.564235208Z","published":"2024-10-27T02:37:06Z","upstream":["CVE-2024-45490","CVE-2024-45491","CVE-2024-45492"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0338.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33630"},{"type":"WEB","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/NII5WWMANSN5NYNMNOK7LJ2P5FT7TW5X/"}],"affected":[{"package":{"name":"mozjs78","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/mozjs78?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.15.0-7.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0338.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}