MGASA-2022-0048

Advisory lineage Upstream: 2 Downstream: 0
Published: 03 Feb 2022, 20:29
Last modified:16 Apr 2026, 04:42

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

03 Feb 2022, 20:29
Published
Vulnerability first disclosed
16 Apr 2026, 04:42
Last Modified
Vulnerability information updated

Description

Updated expat packages fix security vulnerability Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. (CVE-2022-23852) Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. (CVE-2022-23990)

Affected Systems

  • mageiaexpat

    < 2.2.10-1.2.mga8

References (3)