In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. CREATE(Triage):(User=admin) CVE-2021-46143 (https://nvd.nist.gov/vuln/detail/CVE-2021-46143)