REDHAT-BUG-2448181: Medium severity Expat vulnerability
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs.
Frequently Asked Questions
What is the severity of REDHAT-BUG-2448181?
The severity of REDHAT-BUG-2448181 is critical due to the potential for a C stack overflow, which can lead to application crashes.
How do I fix REDHAT-BUG-2448181?
To fix REDHAT-BUG-2448181, update to the latest patched version of the Expat library as provided by your vendor.
What software is affected by REDHAT-BUG-2448181?
REDHAT-BUG-2448181 affects the Expat XML parser when it processes specific inline document type definitions.
What causes the issue in REDHAT-BUG-2448181?
The issue in REDHAT-BUG-2448181 is caused by a combination of a registered ElementDeclHandler and deeply nested content models that lead to a stack overflow.
Can REDHAT-BUG-2448181 be exploited remotely?
Yes, REDHAT-BUG-2448181 could potentially be exploited remotely if an application parsing untrusted XML data is vulnerable.