VulnerableCode Package Details - pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1

Search for packages

Package details: pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1

Essentials
History (11)

purl	pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1

Next non-vulnerable version	2.5.0-1+deb12u2
Latest non-vulnerable version	2.5.0-1+deb12u2
Risk	3.4

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-dgs1-y858-hfhp Aliases: CVE-2024-50602	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.	2.5.0-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-evqy-f4at-7qed Aliases: CVE-2024-28757	libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).	2.5.0-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-phjj-j9b4-w7ft Aliases: CVE-2023-52425	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.	2.5.0-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-xvec-3w4v-9kgt Aliases: CVE-2024-8176	A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.	2.5.0-1+deb12u2 Affected by 0 other vulnerabilities.
VCID-zemq-5gq1-bbda Aliases: CVE-2023-52426	libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.	2.5.0-1+deb12u2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (6)

Vulnerability	Summary	Aliases
VCID-dgs1-y858-hfhp	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.	CVE-2024-50602
VCID-jk3t-c9pe-c3a1	An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).	CVE-2024-45491
VCID-phjj-j9b4-w7ft	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.	CVE-2023-52425
VCID-qjez-wwmn-nfed	An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.	CVE-2024-45490
VCID-tbtw-x77z-sfed	expat: internal entity expansion	CVE-2013-0340
VCID-um4b-36qj-g7fm	An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).	CVE-2024-45492

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T17:42:55.756171+00:00	Debian Oval Importer	Fixing	VCID-phjj-j9b4-w7ft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:34:12.708037+00:00	Debian Oval Importer	Fixing	VCID-qjez-wwmn-nfed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:20:34.625561+00:00	Debian Oval Importer	Fixing	VCID-um4b-36qj-g7fm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:13:49.391546+00:00	Debian Oval Importer	Fixing	VCID-jk3t-c9pe-c3a1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:44:41.832094+00:00	Debian Oval Importer	Fixing	VCID-dgs1-y858-hfhp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:20:49.651701+00:00	Debian Importer	Affected by	VCID-phjj-j9b4-w7ft	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:19:18.594227+00:00	Debian Importer	Affected by	VCID-evqy-f4at-7qed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:17:51.447944+00:00	Debian Importer	Affected by	VCID-zemq-5gq1-bbda	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:03:20.733369+00:00	Debian Importer	Affected by	VCID-xvec-3w4v-9kgt	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:41:52.047982+00:00	Debian Importer	Fixing	VCID-tbtw-x77z-sfed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:18:33.588858+00:00	Debian Importer	Affected by	VCID-dgs1-y858-hfhp	https://security-tracker.debian.org/tracker/data/json	37.0.0