CVE-2016-0718: expat: Out-of-bounds heap read on crafted input causing crash

Severity: Critical

CVSS Score: 9.8

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.