In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a subsequent call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
{ "vanir_signatures": [ { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-0d752d8d", "target": { "file": "expat/lib/xmlparse.c", "function": "doProlog" }, "digest": { "length": 27888.0, "function_hash": "125271961576543742310629350504968019617" } }, { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-3992c034", "target": { "file": "expat/lib/xmlparse.c", "function": "processInternalEntity" }, "digest": { "length": 1541.0, "function_hash": "258898664727023212628731136448884091064" } }, { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-4fa8a18a", "target": { "file": "expat/lib/xmlparse.c", "function": "prologProcessor" }, "digest": { "length": 347.0, "function_hash": "320542276707726540903784573260106917696" } }, { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-50a68847", "target": { "file": "expat/lib/xmlparse.c", "function": "internalEntityProcessor" }, "digest": { "length": 1691.0, "function_hash": "87559746390753119708030472024368882252" } }, { "signature_type": "Line", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-52ad81f3", "target": { "file": "expat/lib/xmlparse.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "132983735470197785746052135782572205033", "146204224061470080606983094059913412689", "7599560151177139529648421590374092798", 
"43488536384691544214046994497908120940", "316924857856242392275636406882952016268", "313502711495946994497639020874340401069", "195484947523758424504813833072420643936", "66393858657853185419579310156918223010", "255221502895981869157887834697152878351", "106795823336306937525621181615350467828", "226320368211189727652238023669300150723", "120536527396395186340591214598221850705", "157897276731025067219377731738911663661", "56387941961793144568065674959231386429", "122849457964806115309741096903856490512", "175297395996681036848075065183921967929", "299387118000825267278833341847060218101", "276502891951823894309157759029430923936", "56631634594391992920425749299177991860", "128211256018775436878936886506812361210", "136991866931827280169215334671955339519", "267326537430448345157071811058789050241", "281089508152999328292147815149430177071", "266760975306673981287073430543841070947", "136991866931827280169215334671955339519", "267326537430448345157071811058789050241", "281089508152999328292147815149430177071", "145115243084578848234012712515518269345", "130000406535845302189293374835665079658", "249245281332386594223044783888918985169", "150401336559048452177710326613018819487", "41422063577574542654899415359947089205" ] } }, { "signature_type": "Function", "signature_version": "v1", "source": "https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43", "deprecated": false, "id": "CVE-2019-15903-9c136d97", "target": { "file": "expat/lib/xmlparse.c", "function": "externalParEntProcessor" }, "digest": { "length": 878.0, "function_hash": "217326096847551269990637517059988824832" } } ] }