Search for packages
| purl | pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5 |
| Next non-vulnerable version | 2.5.0-1+deb12u2 |
| Latest non-vulnerable version | 2.5.0-1+deb12u2 |
| Risk | 4.4 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-dgs1-y858-hfhp
Aliases: CVE-2024-50602 |
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-evqy-f4at-7qed
Aliases: CVE-2024-28757 |
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). |
Affected by 0 other vulnerabilities. |
|
VCID-jk3t-c9pe-c3a1
Aliases: CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
Affected by 5 other vulnerabilities. |
|
VCID-phjj-j9b4-w7ft
Aliases: CVE-2023-52425 |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-qjez-wwmn-nfed
Aliases: CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
Affected by 5 other vulnerabilities. |
|
VCID-tbtw-x77z-sfed
Aliases: CVE-2013-0340 |
expat: internal entity expansion |
Affected by 5 other vulnerabilities. |
|
VCID-um4b-36qj-g7fm
Aliases: CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
Affected by 5 other vulnerabilities. |
|
VCID-xvec-3w4v-9kgt
Aliases: CVE-2024-8176 |
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage. |
Affected by 0 other vulnerabilities. |
|
VCID-zemq-5gq1-bbda
Aliases: CVE-2023-52426 |
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-38en-btnt-5bhw | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
CVE-2022-25314
|
| VCID-3g24-e9ng-z7gx | A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.*In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by Linux distributions may have other settings.* |
CVE-2022-40674
|
| VCID-47ja-wy36-m7ey | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
CVE-2022-25313
|
| VCID-7ry9-j4mj-9qbv | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22827
|
| VCID-bfcc-wr6s-bbeb | In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
CVE-2021-46143
|
| VCID-d5kt-vj2g-2uf6 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
CVE-2022-23852
|
| VCID-emb9-ht45-suej | defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22824
|
| VCID-eymk-66au-wbfe | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22826
|
| VCID-fsrs-93re-6bf3 | build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22823
|
| VCID-p912-5aeb-xqdq | addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22822
|
| VCID-q4dm-bt19-nqb3 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
CVE-2022-25236
|
| VCID-q5fr-c58g-sfeb | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
CVE-2022-25315
|
| VCID-uz2p-4rh7-pbcw | regression update |
DSA-5085-2 expat
|
| VCID-vk74-susn-mqfq | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
CVE-2022-22825
|
| VCID-xauk-rmhq-cuh2 | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read. |
CVE-2019-15903
|
| VCID-y4x5-nuu2-rbcv | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. |
CVE-2022-43680
|
| VCID-yekb-k4pt-3qea | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
CVE-2021-45960
|
| VCID-yf5j-7dnb-5ydf | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
CVE-2022-25235
|
| VCID-zdee-murq-j7ay | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
CVE-2022-23990
|