Commit 3b6c47c0 authored Jan 19, 2022 by Steve Sakoman

expat fix CVE-2022-22822 through CVE-2022-22827

xmlparse.c has multiple integer overflows. The involved functions are:

- addBinding (CVE-2022-22822)
- build_model (CVE-2022-22823)
- defineAttribute (CVE-2022-22824)
- lookup (CVE-2022-22825)
- nextScaffoldPart (CVE-2022-22826)
- storeAtts (CVE-2022-22827)

Backport patch from:
https://github.com/libexpat/libexpat/pull/539/commits/9f93e8036e842329863bf20395b8fb8f73834d9e



CVE: CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
Signed-off-by: Steve Sakoman <steve@sakoman.com>

parent 01f256bc

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 0d195a98
· Feb 03, 2022

mentioned in commit 0d195a98

mentioned in commit 0d195a98703d690a348719f77e7be78653d14ad3

Toggle commit list

Please register or to comment