Search for packages
| purl | pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3 |
| Next non-vulnerable version | 2.5.0-1+deb12u2 |
| Latest non-vulnerable version | 2.5.0-1+deb12u2 |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-38en-btnt-5bhw
Aliases: CVE-2022-25314 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-3g24-e9ng-z7gx
Aliases: CVE-2022-40674 |
A flaw in XML parsing could have led to a use-after-free causing a potentially exploitable crash.*In official releases of Firefox this vulnerability is mitigated by wasm sandboxing; versions managed by Linux distributions may have other settings.* |
Affected by 9 other vulnerabilities. |
|
VCID-47ja-wy36-m7ey
Aliases: CVE-2022-25313 |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-7ry9-j4mj-9qbv
Aliases: CVE-2022-22827 |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-bfcc-wr6s-bbeb
Aliases: CVE-2021-46143 |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-d5kt-vj2g-2uf6
Aliases: CVE-2022-23852 |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-dgs1-y858-hfhp
Aliases: CVE-2024-50602 |
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-emb9-ht45-suej
Aliases: CVE-2022-22824 |
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-eymk-66au-wbfe
Aliases: CVE-2022-22826 |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-fsrs-93re-6bf3
Aliases: CVE-2022-22823 |
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-jk3t-c9pe-c3a1
Aliases: CVE-2024-45491 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
Affected by 5 other vulnerabilities. |
|
VCID-mfbg-qmnn-cbbw
Aliases: CVE-2017-9233 |
Affected by 24 other vulnerabilities. |
|
|
VCID-p912-5aeb-xqdq
Aliases: CVE-2022-22822 |
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-phjj-j9b4-w7ft
Aliases: CVE-2023-52425 |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. |
Affected by 5 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-q4dm-bt19-nqb3
Aliases: CVE-2022-25236 |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-q5fr-c58g-sfeb
Aliases: CVE-2022-25315 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-qjez-wwmn-nfed
Aliases: CVE-2024-45490 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
Affected by 5 other vulnerabilities. |
|
VCID-um4b-36qj-g7fm
Aliases: CVE-2024-45492 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). |
Affected by 5 other vulnerabilities. |
|
VCID-up6m-s5s7-rfft
Aliases: CVE-2018-20843 |
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
Affected by 24 other vulnerabilities. |
|
VCID-uz2p-4rh7-pbcw
Aliases: DSA-5085-2 expat |
regression update |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-vk74-susn-mqfq
Aliases: CVE-2022-22825 |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-xauk-rmhq-cuh2
Aliases: CVE-2019-15903 |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-y4x5-nuu2-rbcv
Aliases: CVE-2022-43680 |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. |
Affected by 9 other vulnerabilities. |
|
VCID-yekb-k4pt-3qea
Aliases: CVE-2021-45960 |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-yf5j-7dnb-5ydf
Aliases: CVE-2022-25235 |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-zdee-murq-j7ay
Aliases: CVE-2022-23990 |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. |
Affected by 24 other vulnerabilities. Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3z29-h785-4yhn | An integer overflow during the parsing of XML using the Expat library. |
CVE-2016-9063
|
| VCID-6jd3-b5g2-zbff |
CVE-2012-6702
|
|
| VCID-mfbg-qmnn-cbbw |
CVE-2017-9233
|
|
| VCID-qjkj-j7hf-xkge |
CVE-2016-5300
|
|
| VCID-qze5-cvx4-s3d5 | Security researcher Gustavo Grieco reported a potential out-of-bounds read parsing malformed XML data during character conversion. This is due to a bug in the Expat library, which is used in Firefox. This could allow an attacker to read other inaccessible memory. |
CVE-2016-0718
|
| VCID-up6m-s5s7-rfft | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
CVE-2018-20843
|
| VCID-wrj7-4vk5-37f3 |
CVE-2016-4472
|
|
| VCID-xauk-rmhq-cuh2 | In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read. |
CVE-2019-15903
|
| VCID-ys9z-bfuk-s7hr |
CVE-2015-1283
|