MGASA-2017-0214

Advisory lineage Upstream: 2 Downstream: 0

Upstream

CVE-2016-9063 CVE-2017-9233

Published: 23 Jul 2017, 19:58

Last modified:16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

23 Jul 2017, 19:58

Published

Vulnerability first disclosed

16 Apr 2026, 06:25

Last Modified

Vulnerability information updated

Description

Updated expat packages fix security vulnerabilities Gustavo Grieco discovered an integer overflow flaw during parsing of XML. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library (CVE-2016-9063). Rhodri James discovered an infinite loop vulnerability within the entityValueInitProcessor() function while parsing malformed XML in an external entity. An attacker can take advantage of this flaw to cause a denial of service against an application using the Expat library (CVE-2017-9233).

Affected Systems

mageia•expat
< 2.1.0-9.5.mga5

MGASA-2017-0214

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)