FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

expat -- Heap use-after-free vulnerability

Affected packages
expat < 2.4.9

Details

VuXML ID: 0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9
Discovery: 2022-09-14
Entry: 2022-09-27

Debian Security Advisory reports:

Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.

References

CVE Name: CVE-2022-40674
URL: https://nvd.nist.gov/vuln/detail/CVE-2022-40674
URL: https://www.debian.org/security/2022/dsa-5236