CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models

When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model a C stack overflow occurs...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference via the external parameter entity with empty text if referenced inside an entity declaration value processing. An attacker can cause a denial of service by providing empty content to this component. Remediation...

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the DTD parsing process. An attacker can cause the application to enter an infinite loop by providing specially crafted DTD content. Remediation Upgrade expat to version 2.7.5 or higher. References - GitHub Commit -...

libexpat 安全漏洞

libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.5 had security vulnerabilities, which stemmed from allowing infinite loops during the parsing of DTD content...

CVE-2013-6244

The Live Update webdynpro application webdynpro/dispatcher/sap.com/tcslmuilup/LUP in SAP NetWeaver 7.31 and earlier allows remote attackers to read arbitrary files and directories via an XML document containing an external entity declaration in conjunction with an entity reference, related to an...

PT-2026-25791

Name of the Vulnerable Software and Affected Versions Expat affected versions not specified Description The Expat parser, when used with a registered ElementDeclHandler, is susceptible to a C stack overflow when processing an inline document type definition with a deeply nested content model. Thi...

PT-2025-53980

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-syzkaller-02734-g0326074ff465 Description The Linux kernel contained a flaw where a decl tag could be referenced in a func proto. This issue was discovered through Syzkaller testing and analysis by Martin...

NULL Pointer Dereference

Overview libxmljs is a libxml bindings for v8 javascript engine Affected versions of this package are vulnerable to NULL Pointer Dereference in the parsing process of specially crafted XML documents when accessing the ref property on entityref and entitydecl nodes. An attacker can cause a...

CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

CVE-2025-25341

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

PT-2025-53592

Name of the Vulnerable Software and Affected Versions libxmljs version 1.0.11 Description A flaw exists in libxmljs when processing a specifically designed XML document. Accessing the internal ref property on entity ref and entity decl nodes can result in a segmentation fault, potentially causing...

EUVD-2025-205443

A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal ref property on entityref and entitydecl nodes causes a segmentation fault, potentially leading to a denial-of-service DoS...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

CVE-2023-54056

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...

CVE-2023-54056 kheaders: Use array declaration instead of char

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...

CVE-2023-54056 kheaders: Use array declaration instead of char

In the Linux kernel, the following vulnerability has been resolved: kheaders: Use array declaration instead of char Under CONFIGFORTIFYSOURCE, memcpy will check the size of destination and source buffers. Defining kernelheadersdata as "char" would trip this check. Since these addresses are treate...

CVE-2023-54056

The CVE-2023-54056 entry concerns the Linux kernel kheaders path. The underlying issue was that kernel_headers_data was defined as a char array, which trips FortifySource checks during memcpy by treating addresses as byte arrays; the fix is to define them as proper arrays (as with other code path...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...