Buffer Overflow Affecting expat Open this link in a new tab package, versions >=0.0.0

Attack Complexity

Low
User Interaction

Required

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-COCOAPODS-EXPAT-470903
published

2 Oct 2019
disclosed

22 Jul 2015
credit

Unknown

Report a new vulnerability Found a mistake?

Introduced: 22 Jul 2015

CVE-2015-1283 Open this link in a new tab CWE-189 Open this link in a new tab

How to fix?

There is no fixed version for expat.

Overview

expat is a XML parser library written in C.

Affected versions of this package are vulnerable to Buffer Overflow. The vulnerability exists because there are multiple integer overflows in the XML_GetBuffer function that leads to a heap-based buffer overflow which may lead to further unspecified impact. This issue is related to CVE-2015-2716.

References

Chrome Release
Chromium Issue
Debian Security Advisory
Debian Security Advisory
Gentoo Security Advisory
Gentoo Security Advisory
https://codereview.chromium.org/1224303003
https://source.android.com/security/bulletin/2016-11-01.html
https://www.tenable.com/security/tns-2016-20
OpenSuse Security Announcement
OpenSuse Security Announcement
OpenSuse Security Announcement
OpenSuse Security Announcement
OpenSuse Security Announcement
Oracle Security Bulletin
Patch
RedHat Security Advisory
Security Focus
Security Tracker
Ubuntu Security Advisory

Buffer Overflow Affecting expat Open this link in a new tab package, versions >=0.0.0

Attack Complexity

User Interaction

snyk-id

published

disclosed

credit

Introduced: 22 Jul 2015

How to fix?

Overview

References