34 matches found
MiracleLinux 7 : expat-2.1.0-15.0.1.el7.AXS7 (AXSA:2024-8927:07)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8927:07 advisory. CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: mingw-expat (UTSA-2026-004807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004807 advisory. An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMA...
SUSE-SU-2026:0044-1 Security update for mozjs60
This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart bsc1230038 - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy bsc1230037 - CVE-2024-45490: embedded expat: reject negative len for...
Security update for mozjs52
This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 CVE-2024-45490: Fixed negative len for...
SUSE-SU-2025:4512-1 Security update for mozjs52
This update for mozjs52 fixes the following issues: - CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 - CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 - CVE-2024-45490: Fixed negative len for...
JLSEC-2025-63 An issue was discovered in libexpat before 2.6.3
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
libexpat: Integer Overflow or Wraparound
An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to OpenSSL and libexpat
Summary OpenSSL and Libexpat used by IBM MQ Operator and Queue Manager container images are vulnerable to denial of service due to improper memory allocation, and providing weaker than expected security which might allow an attacker to execute arbitrary code on the system. This bulletin identifie...
Mageia: Security Advisory (MGASA-2024-0338)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for mozjs78
This update for mozjs78 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded exp...
SUSE-SU-2024:3554-1 Security update for mozjs78
This update for mozjs78 fixes the following issues: - CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedd...
SUSE-SU-2024:3538-1 Security update for mozjs115
This update for mozjs115 fixes the following issues: - CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in...
libexpat: Integer Overflow or Wraparound
An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
libexpat: Integer Overflow or Wraparound
An issue was found in libexpat’s internal dtdCopy function in xmlparse.c, It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINTMAX equals SIZEMAX...
CLSA-2024-1726608017 Fix CVE(s): CVE-2024-45491, CVE-2024-45492
SECURITY UPDATE: Avoid integer overflow on 32 bits systems - debian/patches/CVE-2024-45491.patch: fix dtdCopy in xmlparse.c - CVE-2024-45491 SECURITY UPDATE: Avoid integer overflow on 32 bits systems - debian/patches/CVE-2024-45492.patch: fix nextScaffoldPart in xmlparse.c - CVE-2024-45492...
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : expat (SUSE-SU-2024:3216-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3216-1 advisory. - CVE-2024-45492: integer overflow in function nextScaffoldPart. bsc1229932 - CVE-2024-45491:...
CLSA-2024-1726163188 Fix CVE(s): CVE-2024-45491, CVE-2024-45492
SECURITY UPDATE: integer overflow - debian/patches/CVE-2024-45491.patch: prevent integer overflow in dtdCopy - CVE-2024-45491 SECURITY UPDATE: integer overflow - debian/patches/CVE-2024-45492.patch: prevent integer overflow in nextScaffoldPart - CVE-2024-45492...
CLSA-2024-1726163032 expat: Fix of 3 CVEs
The release version was raised because it corresponds to version 13 - CVE-2024-45490: reject negative len for XMLParseBuffer to prevent improper restriction of XML External Entity Reference - CVE-2024-45491: prevent integer overflow in dtdCopy - CVE-2024-45492: prevent integer overflow in...
CLSA-2024-1725993966 expat: Fix of 2 CVEs
CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...