VulnerableCode Package Details - pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dgs1-y858-hfhp	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.	CVE-2024-50602
VCID-evqy-f4at-7qed	libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).	CVE-2024-28757
VCID-jk3t-c9pe-c3a1	An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).	CVE-2024-45491
VCID-phjj-j9b4-w7ft	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.	CVE-2023-52425
VCID-qjez-wwmn-nfed	An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.	CVE-2024-45490
VCID-tbtw-x77z-sfed	expat: internal entity expansion	CVE-2013-0340
VCID-um4b-36qj-g7fm	An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).	CVE-2024-45492
VCID-xvec-3w4v-9kgt	A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.	CVE-2024-8176
VCID-zemq-5gq1-bbda	libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.	CVE-2023-52426

Vulnerability

Summary

Aliases

VCID-dgs1-y858-hfhp

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CVE-2024-50602

VCID-evqy-f4at-7qed

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVE-2024-28757

VCID-jk3t-c9pe-c3a1

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

CVE-2024-45491

VCID-phjj-j9b4-w7ft

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

VCID-qjez-wwmn-nfed

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVE-2024-45490

VCID-tbtw-x77z-sfed

expat: internal entity expansion

CVE-2013-0340

VCID-um4b-36qj-g7fm

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

CVE-2024-45492

VCID-xvec-3w4v-9kgt

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

CVE-2024-8176

VCID-zemq-5gq1-bbda

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

CVE-2023-52426

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-09-10T04:54:25.481570+00:00	Debian Oval Importer	Fixing	VCID-phjj-j9b4-w7ft	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-10T04:44:01.896662+00:00	Debian Oval Importer	Fixing	VCID-qjez-wwmn-nfed	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-10T02:31:32.534798+00:00	Debian Oval Importer	Fixing	VCID-um4b-36qj-g7fm	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T23:09:11.220469+00:00	Debian Oval Importer	Fixing	VCID-jk3t-c9pe-c3a1	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T22:24:24.558026+00:00	Debian Oval Importer	Fixing	VCID-dgs1-y858-hfhp	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-09-09T19:44:01.524957+00:00	Debian Importer	Fixing	VCID-tbtw-x77z-sfed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:20:49.656532+00:00	Debian Importer	Fixing	VCID-phjj-j9b4-w7ft	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:19:18.599061+00:00	Debian Importer	Fixing	VCID-evqy-f4at-7qed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:17:51.452780+00:00	Debian Importer	Fixing	VCID-zemq-5gq1-bbda	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:03:20.738271+00:00	Debian Importer	Fixing	VCID-xvec-3w4v-9kgt	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:18:33.594467+00:00	Debian Importer	Fixing	VCID-dgs1-y858-hfhp	https://security-tracker.debian.org/tracker/data/json	37.0.0