{"id":"MGASA-2016-0193","summary":"Updated expat packages fix security vulnerability","details":"Gustavo Grieco discovered that Expat does not properly handle certain\nkinds of malformed input documents, resulting in buffer overflows during\nprocessing and error reporting. A remote attacker can take advantage of\nthis flaw to cause an application using the Expat library to crash, or\npotentially, to execute arbitrary code with the privileges of the user\nrunning the application (CVE-2016-0718).\n","modified":"2026-04-16T06:24:17.566027136Z","published":"2016-05-20T11:38:30Z","upstream":["CVE-2016-0718"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0193.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18479"},{"type":"WEB","url":"https://www.debian.org/security/2016/dsa-3582"}],"affected":[{"package":{"name":"expat","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/expat?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.1.0-9.2.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0193.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}