VulnerableCode Package Details - pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6y74-4uqv-dka3	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.	CVE-2024-50602
VCID-a7ry-4dn3-aaan	libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.	CVE-2023-52426
VCID-bmun-mv6e-aaar	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.	CVE-2023-52425
VCID-mr2r-p1cb-aaam	libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).	CVE-2024-28757
VCID-xbh1-6d4r-cbfa	libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat	CVE-2024-8176

Vulnerability

Summary

Aliases

VCID-6y74-4uqv-dka3

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CVE-2024-50602

VCID-a7ry-4dn3-aaan

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

CVE-2023-52426

VCID-bmun-mv6e-aaar

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

VCID-mr2r-p1cb-aaam

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVE-2024-28757

VCID-xbh1-6d4r-cbfa

libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat

CVE-2024-8176

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-22T08:51:48.680326+00:00	Debian Importer	Fixing	VCID-bmun-mv6e-aaar	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-22T01:16:44.593008+00:00	Debian Importer	Fixing	VCID-xbh1-6d4r-cbfa	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-21T20:31:50.494705+00:00	Debian Importer	Fixing	VCID-mr2r-p1cb-aaam	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-20T22:27:27.167129+00:00	Debian Importer	Fixing	VCID-6y74-4uqv-dka3	https://security-tracker.debian.org/tracker/data/json	36.1.3
2025-06-02T08:59:57.453164+00:00	Debian Importer	Fixing	VCID-a7ry-4dn3-aaan	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-02T07:49:34.832752+00:00	Debian Importer	Fixing	VCID-6y74-4uqv-dka3	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-01T16:34:51.115416+00:00	Debian Importer	Fixing	VCID-bmun-mv6e-aaar	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-01T11:07:03.686191+00:00	Debian Importer	Fixing	VCID-xbh1-6d4r-cbfa	https://security-tracker.debian.org/tracker/data/json	36.0.0
2025-06-01T08:05:23.404879+00:00	Debian Importer	Fixing	VCID-mr2r-p1cb-aaam	https://security-tracker.debian.org/tracker/data/json	36.0.0