Bugzilla – Bug 980391
VUL-0: CVE-2015-1283: expat: Heap-buffer-overflow in expat
Last modified: 2023-11-21 16:33:31 UTC
CVE-2015-1283 Description: ============ Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. Affected versions: ================== - expat 2.1.0 and previous versions - chrome 43.0.2357.134 and previous versions * see bug#939077 * it has been already fixed for chromium Expat patches: ============== https://sourceforge.net/p/expat/code_git/ci/ba0f9c3b40c264b8dd392e02a7a060a8fa54f032 https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde References: =========== http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1283 https://sourceforge.net/p/expat/bugs/528/ https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1283
This is an autogenerated message for OBS integration: This bug (980391) was mentioned in https://build.opensuse.org/request/show/396617 13.2 / expat
openSUSE-SU-2016:1441-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 979441,980391 CVE References: CVE-2015-1283,CVE-2016-0718 Sources used: openSUSE 13.2 (src): expat-2.1.0-14.3.1
SUSE-SU-2016:1508-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 979441,980391 CVE References: CVE-2015-1283,CVE-2016-0718 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): expat-2.1.0-17.1 SUSE Linux Enterprise Software Development Kit 12 (src): expat-2.1.0-17.1 SUSE Linux Enterprise Server 12-SP1 (src): expat-2.1.0-17.1 SUSE Linux Enterprise Server 12 (src): expat-2.1.0-17.1 SUSE Linux Enterprise Desktop 12-SP1 (src): expat-2.1.0-17.1 SUSE Linux Enterprise Desktop 12 (src): expat-2.1.0-17.1
SUSE-SU-2016:1512-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 979441,980391 CVE References: CVE-2015-1283,CVE-2016-0718 Sources used: SUSE Studio Onsite 1.3 (src): expat-2.0.1-88.38.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): expat-2.0.1-88.38.1 SUSE Linux Enterprise Server 11-SP4 (src): expat-2.0.1-88.38.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): expat-2.0.1-88.38.1
openSUSE-SU-2016:1523-1: An update that fixes two vulnerabilities is now available. Category: security (important) Bug References: 979441,980391 CVE References: CVE-2015-1283,CVE-2016-0718 Sources used: openSUSE Leap 42.1 (src): expat-2.1.0-17.1
released
The re-fix [1] of the original patch has obtained a CVE number (CVE-2016-4472). See bug 983985. The re-fix was already applied but CVE is not mentioned in the changelog as it was assigned after this submission. It will be added in the next update. [1] https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde