In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CREATE(Triage):(User=admin) [CVE-2021-46143|https://nvd.nist.gov/vuln/detail/CVE-2021-46143]