Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability - CVE-2016-0718
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document which triggers a buffer overflow.