Advisories ยป MGASA-2016-0193

Updated expat packages fix security vulnerability

Publication date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-0718


Gustavo Grieco discovered that Expat does not properly handle certain
kinds of malformed input documents, resulting in buffer overflows during
processing and error reporting. A remote attacker can take advantage of
this flaw to cause an application using the Expat library to crash, or
potentially, to execute arbitrary code with the privileges of the user
running the application (CVE-2016-0718).