New submission from Duy Phan Thanh:

Python's libexpat library is outdated and vulnerable to CVE-2016-0718 https://sourceforge.net/p/expat/bugs/537/ which can cause remote code execution through malicious XML files. The attached POC crashed both Python 2.7 and Python 3.5 on my Windows machine.

----------
components: XML
files: overflow.zip
messages: 295502
nosy: Duy Phan Thanh
priority: normal
severity: normal
status: open
title: libexpat vulnerable to CVE-2016-0718
type: security
Added file: http://bugs.python.org/file46938/overflow.zip

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue30610>
_______________________________________