Search Vulnerabilities

libexpat_project / libexpat+15

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

libexpat_project / libexpat

Published Mar 10, 2024

Page 1 of 2

CVE-2023-52426

MEDIUM5.5

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

Local

Published Feb 4, 2024

CVE-2023-52425

libexpat_project / libexpat

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Published Feb 4, 2024

CVE-2022-43680

libexpat_project / libexpat+14

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Published Oct 24, 2022

CVE-2022-40674

HIGH8.1

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Published Sep 14, 2022

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Published Feb 18, 2022

CVE-2022-25313

MEDIUM6.5

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Published Feb 18, 2022

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Published Feb 18, 2022

CVE-2022-25236

libexpat_project / libexpat+6

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Published Feb 16, 2022

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Published Feb 16, 2022

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Published Jan 26, 2022

CVE-2022-23852

libexpat_project / libexpat+7

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Published Jan 24, 2022

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

libexpat_project / libexpat+10

CVE-2021-46143

HIGH8.1

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Published Jan 6, 2022

CVE-2021-45960

libexpat_project / libexpat+11

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).