Opened 11 years ago

Last modified 11 years ago

#116 new defect

Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)

Reported by: rouault
Owned by: osgeo4w-dev@…
Priority: major
Component: Package
Version:
Keywords: expat


A security hole has been discovered in Expat 2.0.1 that makes it crash on invalid UTF-8 sequences. The fix is in upstream Expat and has been backported to Linux distros.

Change History (2)

comment:1 Changed 11 years ago by tamas

Is this the only location where this problem may arise? I see a couple of places similar to this in the affected file.

comment:2 Changed 11 years ago by rouault

I'll usually trust Linux distros and security researchers for places to patch. Actually, when looking at, I see there's also an extra patch for another expat CVE that should be applied. So the 2 are:
