Description
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Remediation
References
Related Vulnerabilities
MySQL Other Vulnerability (CVE-2010-3682)
IBM WebSEAL Insertion of Sensitive Information into Log File Vulnerability (CVE-2017-1480)
Drupal Improper Input Validation Vulnerability (CVE-2007-6299)
Django Uncontrolled Recursion Vulnerability (CVE-2019-14235)
WebLogic Incorrect Authorization Vulnerability (CVE-2018-1258)