[New-bugs-announce] [issue30610] libexpat vulnerable to CVE-2016-0718
Duy Phan Thanh
report at bugs.python.org
Fri Jun 9 05:07:10 EDT 2017
New submission from Duy Phan Thanh:
Python's libexpat library is outdated and vulnerable to CVE-2016-0718 https://sourceforge.net/p/expat/bugs/537/
which can cause remote code execution through malicious XML files. The attached POC crashed both Python 2.7 and Python 3.5 on my Windows machine.
----------
components: XML
files: overflow.zip
messages: 295502
nosy: Duy Phan Thanh
priority: normal
severity: normal
status: open
title: libexpat vulnerable to CVE-2016-0718
type: security
Added file: http://bugs.python.org/file46938/overflow.zip
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue30610>
_______________________________________