Severity: Critical
CVSS Score: 9.8
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.