Vulnerabilities (CVE)

Filtered by vendor Libexpat Project Subscribe
Total 34 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-52426 1 Libexpat Project 1 Libexpat 2024-03-07 N/A 5.5 MEDIUM
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVE-2023-52425 1 Libexpat Project 1 Libexpat 2024-02-26 N/A 7.5 HIGH
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2009-3720 4 A M Kuchling, Apache, Libexpat Project and 1 more 4 Pyxml, Http Server, Libexpat and 1 more 2024-02-22 5.0 MEDIUM N/A
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
CVE-2022-43680 4 Debian, Fedoraproject, Libexpat Project and 1 more 18 Debian Linux, Fedora, Libexpat and 15 more 2024-01-21 N/A 7.5 HIGH
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-40674 3 Debian, Fedoraproject, Libexpat Project 3 Debian Linux, Fedora, Libexpat 2023-12-10 N/A 8.1 HIGH
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-25236 4 Debian, Libexpat Project, Oracle and 1 more 5 Debian Linux, Libexpat, Http Server and 2 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2022-25235 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25314 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25313 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 4.3 MEDIUM 6.5 MEDIUM
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25315 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-22826 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-46143 4 Libexpat Project, Netapp, Siemens and 1 more 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more 2023-12-10 6.8 MEDIUM 7.8 HIGH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2022-22827 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22822 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-23990 6 Debian, Fedoraproject, Libexpat Project and 3 more 6 Debian Linux, Fedora, Libexpat and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-22825 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-23852 6 Debian, Libexpat Project, Netapp and 3 more 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2021-45960 5 Debian, Libexpat Project, Netapp and 2 more 8 Debian Linux, Libexpat, Active Iq Unified Manager and 5 more 2023-12-10 9.0 HIGH 8.8 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).