Search for packages
Package details: pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1
purl pkg:deb/debian/expat@2.5.0-1%2Bdeb12u1
Tags Ghost
Next non-vulnerable version 2.5.0-1+deb12u2
Latest non-vulnerable version 2.5.0-1+deb12u2
Risk 3.4
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-dgs1-y858-hfhp
Aliases:
CVE-2024-50602
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
2.5.0-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-evqy-f4at-7qed
Aliases:
CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
2.5.0-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-phjj-j9b4-w7ft
Aliases:
CVE-2023-52425
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
2.5.0-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-xvec-3w4v-9kgt
Aliases:
CVE-2024-8176
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
2.5.0-1+deb12u2
Affected by 0 other vulnerabilities.
VCID-zemq-5gq1-bbda
Aliases:
CVE-2023-52426
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
2.5.0-1+deb12u2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-01T17:42:55.756171+00:00 Debian Oval Importer Fixing VCID-phjj-j9b4-w7ft https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T17:34:12.708037+00:00 Debian Oval Importer Fixing VCID-qjez-wwmn-nfed https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T16:20:34.625561+00:00 Debian Oval Importer Fixing VCID-um4b-36qj-g7fm https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T14:13:49.391546+00:00 Debian Oval Importer Fixing VCID-jk3t-c9pe-c3a1 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:44:41.832094+00:00 Debian Oval Importer Fixing VCID-dgs1-y858-hfhp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 37.0.0
2025-08-01T13:20:49.651701+00:00 Debian Importer Affected by VCID-phjj-j9b4-w7ft https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:19:18.594227+00:00 Debian Importer Affected by VCID-evqy-f4at-7qed https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:17:51.447944+00:00 Debian Importer Affected by VCID-zemq-5gq1-bbda https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:03:20.733369+00:00 Debian Importer Affected by VCID-xvec-3w4v-9kgt https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:41:52.047982+00:00 Debian Importer Fixing VCID-tbtw-x77z-sfed https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T12:18:33.588858+00:00 Debian Importer Affected by VCID-dgs1-y858-hfhp https://security-tracker.debian.org/tracker/data/json 37.0.0