Comment 0 for bug 1975755

Joe Slater (jslater0wind) wrote : CVE-2022-23990 expat

Found during April 2022 CVE Scan

CVE-2022-23990: https://nvd.nist.gov/vuln/detail/CVE-2022-23990
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Description:

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Score:
cve_id          status  cvss2Score  av  ac  au  ai
CVE-2022-23990  fixed   7.5         N   L   N   C

Note:

No fix on CentOS 7, so we need to convert expat to a source rpm and fix it by applying a source patch.

Severity: Critical CVE
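The rebuild procedure in the note above (pull the source rpm, add the upstream fix as a patch, rebuild), as an added shell example that is not part of the bug report or of the expat or CentOS projects. It operates on a constructed minimal spec file standing in for expat.spec; the patch file name CVE-2022-23990.patch, the sample version numbers and the helper names are assumptions. The version check encodes the CVE's "before 2.4.4" range.

```bash
#!/usr/bin/env bash
# Added example, not from the bug report. Helpers for the two steps that
# are easy to get wrong when backporting a fix into a CentOS 7 SRPM:
# deciding whether the installed version is in the vulnerable range, and
# wiring a new patch into the spec file. Needs GNU sort (-V) and awk.
set -eu

# Returns 0 when the given libexpat version is in the vulnerable range
# (before 2.4.4, per the CVE description), 1 otherwise.
# Accepts "2.1.0" or an rpm-style "2.1.0-12.el7"; the release suffix is
# stripped before comparing.
expat_is_vulnerable() {
  local ver="$1"
  ver="${ver%%-*}"
  # sort -V lists the smaller version first; if the smaller one is not
  # 2.4.4 then $ver is below 2.4.4 and therefore vulnerable.
  [ "$(printf '%s\n' "$ver" 2.4.4 | sort -V | head -n1)" != "2.4.4" ]
}

# Writes a constructed, minimal stand-in for expat.spec (assumed layout,
# not the real CentOS spec) to the path given as $1.
make_sample_spec() {
  local spec="$1"
  cat > "$spec" <<'EOF'
Name:    expat
Version: 2.1.0
Release: 12%{?dist}
Source0: expat-%{version}.tar.gz
Patch0:  expat-2.1.0-build.patch

%prep
%setup -q
%patch0 -p1

%build
%configure
make %{?_smp_mflags}
EOF
}

# Adds a PatchN: declaration and the matching "%patchN -p1" application to
# the spec at $1 for the patch file named in $2. N is one more than the
# highest existing Patch number (0 if the spec has none). The declaration
# goes after the last Patch (or Source) line, the application after the
# last %patch (or %setup) line, so ordering of earlier patches is kept.
add_patch_to_spec() {
  local spec="$1" patch="$2" n
  n=$(grep -E '^Patch[0-9]+:' "$spec" | sed -E 's/^Patch([0-9]+):.*/\1/' | sort -n | tail -n1)
  n=$(( ${n:--1} + 1 ))
  awk -v n="$n" -v p="$patch" '
    /^Source[0-9]*:/ { source_line = NR }
    /^Patch[0-9]+:/  { last_patch_line = NR }
    /^%setup/        { setup_line = NR }
    /^%patch[0-9]+/  { last_apply_line = NR }
    { lines[NR] = $0 }
    END {
      decl_after  = last_patch_line ? last_patch_line : source_line
      apply_after = last_apply_line ? last_apply_line : setup_line
      for (i = 1; i <= NR; i++) {
        print lines[i]
        if (i == decl_after)  printf "Patch%d: %s\n", n, p
        if (i == apply_after) printf "%%patch%d -p1\n", n
      }
    }' "$spec" > "$spec.tmp" && mv "$spec.tmp" "$spec"
}

# Stand-alone demonstration on the constructed spec.
if [ "${BASH_SOURCE[0]:-}" = "$0" ]; then
  workdir=$(mktemp -d)
  make_sample_spec "$workdir/expat.spec"
  add_patch_to_spec "$workdir/expat.spec" CVE-2022-23990.patch
  cat "$workdir/expat.spec"
  if expat_is_vulnerable "2.1.0-12.el7"; then
    echo "expat 2.1.0-12.el7 is in the vulnerable range (before 2.4.4)"
  fi
fi
```

The download and rebuild around these helpers are the usual `yumdownloader --source expat`, `rpm -ivh expat-*.src.rpm`, copy the patch into `~/rpmbuild/SOURCES`, then `rpmbuild -bb ~/rpmbuild/SPECS/expat.spec`; they are left out of the block because they need the CentOS repositories. A version number alone does not settle whether a distribution package is fixed, since RHEL and CentOS backport fixes without bumping Version, so confirm with `rpm -q --changelog expat | grep CVE-2022-23990` before and after the rebuild.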