expat vulnerability CVE-2016-4472

Question

expat vulnerability CVE-2016-4472

ipuustin opened this issue 8 years ago · 1 comments

Base CVSS severity 8.1 (high). Ostro OS severity not yet analyzed.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4472

Answer 1 · 2016-10-07T07:38:29.000Z

It seems that this is issue is a false alarm -- the fix is already in expat 2.2.0 event though the CVE database indicates expat 2.2.0 to be vulnerable. See https://sourceforge.net/p/expat/code_git/ci/master/tree/expat/Changes for the list of CVE fixes included in 2.2.0 release.