Description
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Remediation
References