Ubuntu Security Notice 890-1 – Jukka Taimisto, Tero Rontti and Rauli Kaksonen discovered that Expat did not properly process malformed XML. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash. It was discovered that Expat did not properly process malformed UTF-8 sequences. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service via application crash.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/85454/USN-890-1.txt
Source: https://packetstormsecurity.com/files/85454/Ubuntu-Security-Notice-890-1.html