Vulnerabilities (CVE)

Filtered by vendor Libexpat Project Subscribe
Filtered by product Libexpat
Total 21 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-22826 1 Libexpat Project 1 Libexpat 2022-01-17 6.8 MEDIUM 8.8 HIGH
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 1 Libexpat Project 1 Libexpat 2022-01-17 7.5 HIGH 9.8 CRITICAL
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827 1 Libexpat Project 1 Libexpat 2022-01-17 6.8 MEDIUM 8.8 HIGH
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 1 Libexpat Project 1 Libexpat 2022-01-17 7.5 HIGH 9.8 CRITICAL
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2021-45960 1 Libexpat Project 1 Libexpat 2022-01-17 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2021-46143 1 Libexpat Project 1 Libexpat 2022-01-17 6.8 MEDIUM 7.8 HIGH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2022-22825 1 Libexpat Project 1 Libexpat 2022-01-17 6.8 MEDIUM 8.8 HIGH
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22822 1 Libexpat Project 1 Libexpat 2022-01-17 7.5 HIGH 9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2013-0340 1 Libexpat Project 1 Libexpat 2021-10-27 6.8 MEDIUM N/A
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVE-2018-20843 6 Canonical, Debian, Fedoraproject and 3 more 6 Ubuntu Linux, Debian Linux, Fedora and 3 more 2021-10-20 7.8 HIGH 7.5 HIGH
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
CVE-2012-0876 1 Libexpat Project 1 Libexpat 2021-07-31 4.3 MEDIUM N/A
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.
CVE-2016-4472 2 Canonical, Libexpat Project 2 Ubuntu Linux, Libexpat 2021-07-31 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-5300 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2021-07-31 7.8 HIGH 7.5 HIGH
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.
CVE-2016-0718 7 Apple, Canonical, Debian and 4 more 12 Mac Os X, Ubuntu Linux, Debian Linux and 9 more 2021-07-31 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-1283 2 Google, Libexpat Project 2 Chrome, Libexpat 2021-07-31 6.8 MEDIUM N/A
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.
CVE-2017-9233 1 Libexpat Project 1 Libexpat 2021-06-29 5.0 MEDIUM 7.5 HIGH
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
CVE-2019-15903 1 Libexpat Project 1 Libexpat 2021-06-15 5.0 MEDIUM 7.5 HIGH
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
CVE-2012-6702 4 Canonical, Debian, Google and 1 more 4 Ubuntu Linux, Debian Linux, Android and 1 more 2021-01-25 4.3 MEDIUM 5.9 MEDIUM
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE-2012-1148 2 Apple, Libexpat Project 2 Mac Os X, Libexpat 2021-01-25 5.0 MEDIUM N/A
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.
CVE-2012-1147 2 Apple, Libexpat Project 2 Mac Os X, Libexpat 2021-01-25 4.3 MEDIUM N/A
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.