In libexpat through 2.4.9, there is a use-after free caused by overeager
destruction of a shared DTD in XML_ExternalEntityParserCreate in
out-of-memory situations.

#### Bugs

*

#### Notes

Author| Note
—|—
[sbeattie]() | paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!)
[mdeslaur]() | apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expatRead More