VulnerableCode Package Details - pkg:deb/debian/expat@2.8.0-1?distro=trixie

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/expat@2.8.0-1?distro=trixie

Essentials
History (48)

purl	pkg:deb/debian/expat@2.8.0-1?distro=trixie

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (48)

Vulnerability	Summary	Aliases
VCID-1fms-7y9v-dfc5	Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.	CVE-2013-0340
VCID-28yc-wkq6-c7hb	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-25313
VCID-292c-g8n3-cyfn	libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.	CVE-2026-41080
VCID-3465-gq22-3kfy	Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.	CVE-2016-0718
VCID-4c32-p11r-zud5	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2021-45960
VCID-4zzy-q5zp-jkgm	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3720
VCID-6c4q-2my8-aqbc	Uncontrolled Resource Consumption The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document.	CVE-2016-5300
VCID-6pk2-g77j-h3b2	An integer overflow during the parsing of XML using the Expat library.	CVE-2016-9063
VCID-77y6-jskt-qucb	libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.	CVE-2025-59375
VCID-7ndj-4zn8-cqa4	expat: parsing large tokens can trigger a denial of service	CVE-2023-52425
VCID-94fm-s7mp-vfdb	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-23852
VCID-96wu-nph4-5yb5	Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.	CVE-2012-6702
VCID-9ern-6htc-p7c4	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22826
VCID-awtz-ujdq-efht	The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.	CVE-2017-11742
VCID-cy2n-zexk-jyda	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-25315
VCID-d26t-ex9d-x3ev	Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.	CVE-2024-45491
VCID-dy3x-vd1y-dbbn	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22825
VCID-e742-j1bw-jbbh	Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.	CVE-2012-1148
VCID-f8mk-n3um-mufk	Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.	CVE-2012-1147
VCID-gf3f-k2be-67e2	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22824
VCID-gtcn-kyd2-xqdk	Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.	CVE-2024-45490
VCID-h5xc-cubs-5fgu	Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.	CVE-2016-4472
VCID-jqe4-44gw-wbhu	libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing	CVE-2026-32777
VCID-k2kp-fv3q-vyh2	libexpat: expat: DoS via XML_ResumeParser	CVE-2024-50602
VCID-kp8z-47q5-n7es	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22827
VCID-mddr-7zar-6kfn	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-25236
VCID-naf7-p1jf-z3ds	Improper Restriction of XML External Entity Reference `libexpat` in Expat, XML input including XML names that contain many colons could make the XML parser consume a high amount of RAM and CPU resources while processing, leading to a possible denial-of-service attack.	CVE-2018-20843
VCID-nguf-68jf-ryaz	libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat	CVE-2024-8176
VCID-nktd-7gph-kkb1	libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition	CVE-2026-32778
VCID-nmh4-zpeh-4bcr	Multiple vulnerabilities have been found in Expat, the worst of which could result in a Denial of Service condition.	CVE-2019-15903
VCID-nw3z-nwyg-87e5	Multiple vulnerabilities have been discovered in QtWebEngine, the worst of which could lead to arbitrary code execution.	CVE-2024-45492
VCID-nw7y-2xct-8fa5	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-25235
VCID-pba8-g9ts-43bw	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-40674
VCID-qcbz-21vm-eqfd	Multiple vulnerabilities have been found in Expat, the worst of which may allow execution of arbitrary code.	CVE-2015-1283
VCID-qmx9-wkj4-67h3	expat: recursive XML entity expansion vulnerability	CVE-2023-52426
VCID-qtav-hqnd-b7fa	A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document (for example through mod_dav) may be able to cause a crash. This crash would only be a denial of service if using the worker MPM.	CVE-2009-3560
VCID-r14v-u2r3-rkhz	security update	CVE-2017-9233
VCID-ra3j-95vv-cfen	Multiple vulnerabilities have been found in Expat, possibly resulting in Denial of Service.	CVE-2012-0876
VCID-rjbn-1a88-87cj	A vulnerability has been found in Expat which could result in denial of service.	CVE-2022-43680
VCID-th9f-gg4v-bbbe	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-25314
VCID-tt7m-c9zc-1kem	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-23990
VCID-u2yw-sybk-uug8	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22822
VCID-u5pr-wheu-h7c6	expat: XML Entity Expansion	CVE-2024-28757
VCID-utz3-ytaf-cbht	libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation	CVE-2026-25210
VCID-uw5p-szmd-8qcm	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2022-22823
VCID-v41j-xj8s-m7ar	libexpat: libexpat: Denial of Service due to NULL pointer dereference	CVE-2026-32776
VCID-x8gp-vvxg-13cw	Multiple vulnerabilities have been discovered in Expat, the worst of which could result in arbitrary code execution.	CVE-2021-46143
VCID-yw8s-ezc7-6ub8	libexpat: libexpat null pointer dereference	CVE-2026-24515

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-25T22:47:31.608023+00:00	Debian Importer	Fixing	VCID-292c-g8n3-cyfn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.574400+00:00	Debian Importer	Fixing	VCID-nktd-7gph-kkb1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.531853+00:00	Debian Importer	Fixing	VCID-jqe4-44gw-wbhu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.488451+00:00	Debian Importer	Fixing	VCID-v41j-xj8s-m7ar	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.445952+00:00	Debian Importer	Fixing	VCID-utz3-ytaf-cbht	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.387255+00:00	Debian Importer	Fixing	VCID-yw8s-ezc7-6ub8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.328719+00:00	Debian Importer	Fixing	VCID-77y6-jskt-qucb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.258638+00:00	Debian Importer	Fixing	VCID-nguf-68jf-ryaz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.207183+00:00	Debian Importer	Fixing	VCID-k2kp-fv3q-vyh2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.152230+00:00	Debian Importer	Fixing	VCID-nw3z-nwyg-87e5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.091149+00:00	Debian Importer	Fixing	VCID-d26t-ex9d-x3ev	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:31.028923+00:00	Debian Importer	Fixing	VCID-gtcn-kyd2-xqdk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.959622+00:00	Debian Importer	Fixing	VCID-u5pr-wheu-h7c6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.896731+00:00	Debian Importer	Fixing	VCID-qmx9-wkj4-67h3	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.841269+00:00	Debian Importer	Fixing	VCID-7ndj-4zn8-cqa4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.786868+00:00	Debian Importer	Fixing	VCID-rjbn-1a88-87cj	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.738953+00:00	Debian Importer	Fixing	VCID-pba8-g9ts-43bw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.686396+00:00	Debian Importer	Fixing	VCID-cy2n-zexk-jyda	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.640672+00:00	Debian Importer	Fixing	VCID-th9f-gg4v-bbbe	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.594508+00:00	Debian Importer	Fixing	VCID-28yc-wkq6-c7hb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.547753+00:00	Debian Importer	Fixing	VCID-mddr-7zar-6kfn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.492836+00:00	Debian Importer	Fixing	VCID-nw7y-2xct-8fa5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.439130+00:00	Debian Importer	Fixing	VCID-tt7m-c9zc-1kem	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.392705+00:00	Debian Importer	Fixing	VCID-94fm-s7mp-vfdb	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.344252+00:00	Debian Importer	Fixing	VCID-kp8z-47q5-n7es	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.289578+00:00	Debian Importer	Fixing	VCID-9ern-6htc-p7c4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.232493+00:00	Debian Importer	Fixing	VCID-dy3x-vd1y-dbbn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.175942+00:00	Debian Importer	Fixing	VCID-gf3f-k2be-67e2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.119605+00:00	Debian Importer	Fixing	VCID-uw5p-szmd-8qcm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.063269+00:00	Debian Importer	Fixing	VCID-u2yw-sybk-uug8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:30.006827+00:00	Debian Importer	Fixing	VCID-x8gp-vvxg-13cw	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.957206+00:00	Debian Importer	Fixing	VCID-4c32-p11r-zud5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.898705+00:00	Debian Importer	Fixing	VCID-nmh4-zpeh-4bcr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.850001+00:00	Debian Importer	Fixing	VCID-naf7-p1jf-z3ds	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.800860+00:00	Debian Importer	Fixing	VCID-r14v-u2r3-rkhz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.758093+00:00	Debian Importer	Fixing	VCID-awtz-ujdq-efht	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.714039+00:00	Debian Importer	Fixing	VCID-6pk2-g77j-h3b2	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.669754+00:00	Debian Importer	Fixing	VCID-6c4q-2my8-aqbc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.627286+00:00	Debian Importer	Fixing	VCID-h5xc-cubs-5fgu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.585999+00:00	Debian Importer	Fixing	VCID-3465-gq22-3kfy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.543553+00:00	Debian Importer	Fixing	VCID-qcbz-21vm-eqfd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.489240+00:00	Debian Importer	Fixing	VCID-1fms-7y9v-dfc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.432759+00:00	Debian Importer	Fixing	VCID-96wu-nph4-5yb5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.389037+00:00	Debian Importer	Fixing	VCID-e742-j1bw-jbbh	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.341824+00:00	Debian Importer	Fixing	VCID-f8mk-n3um-mufk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.299285+00:00	Debian Importer	Fixing	VCID-ra3j-95vv-cfen	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.251205+00:00	Debian Importer	Fixing	VCID-4zzy-q5zp-jkgm	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-25T22:47:29.203237+00:00	Debian Importer	Fixing	VCID-qtav-hqnd-b7fa	https://security-tracker.debian.org/tracker/data/json	38.4.0