FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat2 -- denial of service

Affected packages
expat < 2.1.1_2

Details

VuXML ID ff76f0e0-3f11-11e6-b3c8-14dae9d210b8
Discovery 2016-06-09
Entry 2016-06-30
Modified 2016-11-30

Adam Maris reports:

It was found that the original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch.
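The kind of check the report describes, shown as an added C illustration. It is not Expat's code and not part of the quoted report, and all function names are hypothetical. The first function tests for overflow after the signed arithmetic has already happened, which is undefined behaviour in C and so may be deleted by an optimizer; the other two test before the arithmetic using only defined operations.

```c
#include <limits.h>
#include <stdio.h>

/* Fragile pattern: add first, then look for a wrapped (negative) result.
 * Signed overflow is undefined behaviour, so once the compiler knows both
 * operands are non-negative (for example after inlining) it may assume the
 * sum cannot be negative and remove the test. Returns size, or -1 on error. */
int needed_size_fragile(int len, int used)
{
    int needed = len + used;   /* undefined if the sum exceeds INT_MAX */
    if (needed < 0)            /* may be optimized out */
        return -1;
    return needed;
}

/* Robust pattern: validate against INT_MAX before adding, so no overflow
 * ever occurs and there is nothing for the optimizer to discard. */
int needed_size_checked(int len, int used)
{
    if (len < 0 || used < 0 || len > INT_MAX - used)
        return -1;
    return len + used;
}

/* Same idea for a doubling buffer: refuse to double once the next step
 * would exceed INT_MAX, instead of testing for a negative capacity. */
int grow_capacity_checked(int cap, int needed)
{
    if (cap <= 0 || needed < 0)
        return -1;
    while (cap < needed) {
        if (cap > INT_MAX / 2)
            return -1;
        cap *= 2;
    }
    return cap;
}

int main(void)
{
    /* Constructed sample values; the fragile variant is only called with
     * inputs that do not overflow, since overflowing it is undefined. */
    printf("fragile(100, 28)     = %d\n", needed_size_fragile(100, 28));
    printf("checked(INT_MAX, 1)  = %d\n", needed_size_checked(INT_MAX, 1));
    printf("grow(1024, 5000)     = %d\n", grow_capacity_checked(1024, 5000));
    printf("grow(1024, INT_MAX)  = %d\n", grow_capacity_checked(1024, INT_MAX));
    return 0;
}
```

GCC and Clang accept `-fwrapv`, which defines signed overflow as wrapping and keeps the fragile test alive, but the pre-check form is correct regardless of compiler flags.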

References

CVE Name CVE-2016-4472
URL https://bugzilla.redhat.com/show_bug.cgi?id=1344251