Vulnerabilities (CVE)

Filtered by vendor Libexpat Project Subscribe
Filtered by product Libexpat
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-02 7.5 HIGH 9.8 CRITICAL
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
CVE-2022-40674 3 Debian, Fedoraproject, Libexpat Project 3 Debian Linux, Fedora, Libexpat 2023-02-01 N/A 8.1 HIGH
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2013-0340 3 Apple, Libexpat Project, Python 7 Ipados, Iphone Os, Macos and 4 more 2023-01-09 6.8 MEDIUM N/A
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVE-2022-43680 4 Debian, Fedoraproject, Libexpat Project and 1 more 18 Debian Linux, Fedora, Libexpat and 15 more 2022-12-02 N/A 7.5 HIGH
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-23990 6 Debian, Fedoraproject, Libexpat Project and 3 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-31 5.0 MEDIUM 7.5 HIGH
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-23852 6 Debian, Libexpat Project, Netapp and 3 more 7 Debian Linux, Libexpat, Clustered Data Ontap and 4 more 2022-10-29 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVE-2022-25235 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 7.5 HIGH 9.8 CRITICAL
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25313 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25236 4 Debian, Libexpat Project, Oracle and 1 more 5 Debian Linux, Libexpat, Http Server and 2 more 2022-10-07 7.5 HIGH 9.8 CRITICAL
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2021-46143 4 Libexpat Project, Netapp, Siemens and 1 more 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more 2022-10-06 6.8 MEDIUM 7.8 HIGH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-45960 5 Debian, Libexpat Project, Netapp and 2 more 8 Debian Linux, Libexpat, Active Iq Unified Manager and 5 more 2022-10-06 9.0 HIGH 8.8 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2022-22822 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-25315 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 7.5 HIGH 9.8 CRITICAL
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25314 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2012-0876 6 Canonical, Debian, Libexpat Project and 3 more 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more 2022-08-05 4.3 MEDIUM N/A
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.