Issue #26556: Expat 2.1.1

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Multiple integer overflows have been discovered in Expat, an XML parsing C library, which may result in denial of service or the execution of arbitrary code if a malformed XML file is processed.

Update the bundled copy of the Expat library to version 2.1.1 to pick up the CVE-2015-1283 fixes.

Dates:

  • Disclosure date: 2016-03-14 (Python issue bpo-26556 reported)
  • Reported at: 2015-07-24 (Expat issue #528 reported)
  • Reported by: David Dillard (Expat issue)

Fixed In

Python issue

Update expat to 2.1.1.

  • Python issue: bpo-26556
  • Creation date: 2016-03-14
  • Reporter: Christian Heimes

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Timeline

Timeline using the disclosure date 2016-03-14 as reference:

  • 2015-07-23 (-235 days): CVE-2015-1283 published
  • 2015-07-24 (-234 days): Reported (Expat issue #528 reported)
  • 2016-03-14: Python issue bpo-26556 reported by Christian Heimes
  • 2016-06-11 (+89 days): commit 196d7db (branch 3.4)
  • 2016-06-11 (+89 days): commit d244a8f (branch 2.7)
  • 2016-06-25 (+103 days): Python 2.7.12 released
  • 2016-06-25 (+103 days): Python 3.4.5 released
  • 2016-06-25 (+103 days): Python 3.5.2 released
  • 2016-12-22: Python 3.6.0 released
  • 2017-07-16 (+489 days): commit ab90986 (branch 3.3)
  • 2017-09-19 (+554 days): Python 3.3.7 released
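Added example (not part of the original issue page or CPython): a check a defender can run on an interpreter to see whether it is exposed to CVE-2015-1283, using the fixed Expat version and the fixed Python releases listed above. It reads `pyexpat.version_info` / `pyexpat.EXPAT_VERSION`, which report the Expat actually linked in; the threshold constants are taken from this page, and the handling of branches the page does not list (older than 3.3 treated as unfixed, newer than 3.6 as fixed) is an assumption.

```python
import sys
import pyexpat  # the C module behind xml.parsers.expat; reports the linked Expat

# Minimum Expat release carrying the CVE-2015-1283 fix (from the page).
FIXED_EXPAT = (2, 1, 1)

# First release on each branch that ships Expat 2.1.1, per the page's timeline.
# 3.6.0 is the first 3.6 release, so every 3.6.x release is fixed.
FIXED_PYTHON = {
    (2, 7): (2, 7, 12),
    (3, 3): (3, 3, 7),
    (3, 4): (3, 4, 5),
    (3, 5): (3, 5, 2),
    (3, 6): (3, 6, 0),
}


def parse_expat_version(version_string):
    """Turn pyexpat.EXPAT_VERSION (e.g. 'expat_2.1.1') into a comparable tuple."""
    name, _, number = version_string.partition("_")
    if name != "expat" or not number:
        raise ValueError("unexpected EXPAT_VERSION format: %r" % version_string)
    return tuple(int(part) for part in number.split("."))


def expat_is_fixed(version_tuple):
    """True if this Expat carries the CVE-2015-1283 fix (2.1.1 or later)."""
    return tuple(version_tuple) >= FIXED_EXPAT


def python_release_is_fixed(python_version):
    """True if the Python release is one the page lists as shipping Expat 2.1.1.
    Assumption: branches newer than 3.6 are fixed; unlisted older ones are not."""
    major, minor, micro = python_version[:3]
    if (major, minor) in FIXED_PYTHON:
        return (major, minor, micro) >= FIXED_PYTHON[(major, minor)]
    return (major, minor) > (3, 6)


def assess(python_version=sys.version_info, expat_version=pyexpat.version_info):
    """Combine both checks. The loaded Expat version is the authoritative one:
    a distribution may build Python against a system libexpat rather than
    the bundled copy, so the Python release number alone can mislead."""
    return {
        "python_release_fixed": python_release_is_fixed(python_version),
        "expat_fixed": expat_is_fixed(expat_version),
    }


if __name__ == "__main__":
    print(pyexpat.EXPAT_VERSION, assess())
```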