Severity: Critical
CVSS Score: 9.8
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.