VulnerableCode Package Details - pkg:deb/debian/expat@2.5.0-1%2Bdeb12u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-dgs1-y858-hfhp	An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.	CVE-2024-50602
VCID-evqy-f4at-7qed	libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).	CVE-2024-28757
VCID-phjj-j9b4-w7ft	libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.	CVE-2023-52425
VCID-xvec-3w4v-9kgt	A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.	CVE-2024-8176
VCID-zemq-5gq1-bbda	libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.	CVE-2023-52426

Vulnerability

Summary

Aliases

VCID-dgs1-y858-hfhp

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

CVE-2024-50602

VCID-evqy-f4at-7qed

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

CVE-2024-28757

VCID-phjj-j9b4-w7ft

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

CVE-2023-52425

VCID-xvec-3w4v-9kgt

A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.

CVE-2024-8176

VCID-zemq-5gq1-bbda

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

CVE-2023-52426

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T13:20:49.656532+00:00	Debian Importer	Fixing	VCID-phjj-j9b4-w7ft	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:19:18.599061+00:00	Debian Importer	Fixing	VCID-evqy-f4at-7qed	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:17:51.452780+00:00	Debian Importer	Fixing	VCID-zemq-5gq1-bbda	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T13:03:20.738271+00:00	Debian Importer	Fixing	VCID-xvec-3w4v-9kgt	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-01T12:18:33.594467+00:00	Debian Importer	Fixing	VCID-dgs1-y858-hfhp	https://security-tracker.debian.org/tracker/data/json	37.0.0