{"id":"OESA-2024-1815","summary":"mozjs78 security update","details":"Security Fix(es):\r\n\r\nIn Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).(CVE-2021-45960)\r\n\r\nxmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.(CVE-2022-25235)","modified":"2026-03-11T06:47:33.117473Z","published":"2024-07-05T11:08:27Z","upstream":["CVE-2021-45960","CVE-2022-25235"],"database_specific":{"severity":"Critical"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1815"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45960"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25235"}],"affected":[{"package":{"name":"mozjs78","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/mozjs78&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"78.4.0-9.oe2003sp4"}]}],"ecosystem_specific":{"aarch64":["mozjs78-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-debuginfo-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-debugsource-78.4.0-9.oe2003sp4.aarch64.rpm","mozjs78-devel-78.4.0-9.oe2003sp4.aarch64.rpm"],"x86_64":["mozjs78-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-debuginfo-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-debugsource-78.4.0-9.oe2003sp4.x86_64.rpm","mozjs78-devel-78.4.0-9.oe2003sp4.x86_64.rpm"],"noarch":["mozjs78-help-78.4.0-9.oe2003sp4.noarch.rpm"],"src":["mozjs78-78.4.0-9.oe2003sp4.src.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2024-1815.json"}}],"schema_version":"1.7.5"}