| Package | expat |
|---|---|
| Version | 2.1.0-1+deb7u7 |
| Related CVEs | CVE-2019-15903 |

A heap-based buffer overread vulnerability was found in expat, an XML parsing library. A specially crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a subsequent call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer overread.

For Debian 7 Wheezy, this problem has been fixed in version 2.1.0-1+deb7u7.

We recommend that you upgrade your expat packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.