#537 CVE-2016-0718

Feature Request

CVE-2016-0718: Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Patch used for Debian can be found here.


  • Sebastian Pipping

    • status: open --> closed-fixed
  • Sebastian Pipping

    Hello David!
    We made those very patches and they are in Git by now, as well. Please re-open if this is a misunderstanding.

  • David Dillard

    David Dillard - 2016-05-28

    My apologies. I looked for an issue logged for this by CVE ID and didn't realize it was already fixed.

    Is there an expected release date for an update with the fix in it? I've been looking through the updates trying to figure out exactly which one(s) were used to fix the issue and I'm having trouble figuring it out. It seems multiple checkins were done. I also see some other interesting changes that seem worthy of pushing out in a release.


  • Sebastian Pipping

    For a next release maybe two weeks or so. I see worth in a new release, too.

    On the related commits, it's a squash of these eight trivially rebased against tag R_2_1_1:

    # git --no-pager log be4b1c06daba1849b8ff5e00bae5caf47f6c39fd^2 --oneline -8
    a1bc009 Do not compare an out-of-bounds pointer. [..]
    5c9cc0e Avoid undefined behavior when computing larger blockSize. [..]
    e375ac8 Complete XmlConvert return value handling
    9ff1d64 Do not grow pool to out-of-memory for incomplete input
    a9b80b4 Make converters tell state on termination (v3)
    e18829b Prevent out-of-bounds access in text conversion
    2cac066 Fix two integer overflows
    bb1fd81 Fix overflow (v2)
