1396540 – (CVE-2016-9063) CVE-2016-9063 firefox: Possible integer overflow to fix inside XML_Parse in Expat

Bug 1396540 (CVE-2016-9063) - CVE-2016-9063 firefox: Possible integer overflow to fix inside XML_Parse in Expat

Summary: CVE-2016-9063 firefox: Possible integer overflow to fix inside XML_Parse in E...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2016-9063
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1462755 1462756 1462757 1462758 1478230
Blocks:	1392803 1462763
TreeView+	depends on / blocked

Reported:	2016-11-18 15:24 UTC by Adam Mariš
Modified:	2023-11-22 15:21 UTC (History)
CC List:	46 users (show)
Fixed In Version:	firefox 50
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-06-08 03:02:20 UTC
Embargoed:

Attachments	(Terms of Use)

Description Adam Mariš 2016-11-18 15:24:54 UTC

An integer overflow during the parsing of XML using the Expat library.

External References:

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9063

Comment 1 Adam Mariš 2016-11-18 15:25:06 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: Gustavo Grieco

Comment 2 Huzaifa S. Sidhpurwala 2016-11-24 05:23:49 UTC

Statement:

This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.

Comment 3 Adam Mariš 2017-06-19 13:09:51 UTC

Upstream patch:

https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20

Comment 4 Adam Mariš 2017-06-19 13:10:36 UTC

Created compat-expat1 tracking bugs for this issue:

Affects: fedora-all [bug 1462758]


Created expat tracking bugs for this issue:

Affects: fedora-all [bug 1462756]


Created expat21 tracking bugs for this issue:

Affects: epel-all [bug 1462755]


Created mingw-expat tracking bugs for this issue:

Affects: epel-7 [bug 1462757]

Comment 5 Huzaifa S. Sidhpurwala 2017-07-03 07:44:40 UTC

Expat upstream fixed this issue via the following commit:

https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20

Comment 6 Huzaifa S. Sidhpurwala 2017-08-04 03:52:54 UTC

Created mingw-expat tracking bugs for this issue:

Affects: fedora-all [bug 1478230]

Note You need to log in before you can comment on or make changes to this bug.

besser82
bmaxwell
bmcclain
cdewolf
cfergeau
chazlett
cschalle
csutherl
darran.lofthouse
dblechte
dimitris
dosoudil
eedri
erik-fedora
fgavrilo
gecko-bugs-nobody
gzaronik
jawilson
jclere
jhorak
jondruse
jorton
jshepherd
lgao
lsurette
lupinix.fedora
mbabacek
mgoldboi
michal.skrivanek
myarboro
pgier
pjurak
ppalaga
psakar
pslavice
rh-spice-bugs
rjones
rnetuka
rstancel
rsvoboda
srevivo
stransky
twalsh
vtunka
weli
ykaul