CVE-2022-23852: expat: Integer overflow in function XML_GetBuffer

Severity: Critical

CVSS Score: 9.8

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.