42 matches found
PT-2026-4328
Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.7.4. Description: The issue resides in the XML_ExternalEntityParserCreate function. It does not properly copy user data for unknown encoding handlers, potentially leading to memory corruption. Reports indicate a...
JLSEC-2025-61 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external ...
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: expat (UTSA-2025-986162)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986162 advisory. In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations...
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Important: expat
Issue Overview: libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate. CVE-2024-28757. Affected Packages: expat. Issue Correction: Run dnf update expat --releasever 2023.4.20240401 or dnf update --adviso...
UBUNTU-CVE-2024-28757
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers created via XML_ExternalEntityParserCreate...
expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate
A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...
CLSA-2023-1696877712 expat: Fix of 2 CVEs
CVE-2022-23990: lib: prevent integer overflow in function doProlog - CVE-2022-43680: fix overeager DTD destruction in XML_ExternalEntityParserCreate...
OESA-2022-2037 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in...
DEBIAN-CVE-2022-43680
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations...
libexpat resource management error vulnerability
libexpat is a streaming XML parser written in C. A resource management error vulnerability exists in libexpat version 2.4.9 and earlier versions, which stems from overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in an out-of-memory scenario, resulting in a use after free...
CLSA-2022-1664193203 Fixed CVE-2022-40674 in expat
CVE-2022-40674: Ensure raw tagnames are safe exiting internalEntityParser - fix tests leak - fix xmlparse leak...
CLSA-2022-1664192896 Fixed CVE-2022-40674 in expat
CVE-2022-40674: Ensure raw tagnames are safe exiting internalEntityParser...
CLSA-2022-1664192553 Fix CVE(s): CVE-2022-40674
SECURITY UPDATE: Unsafe exiting internalEntityParser - debian/patches/CVE-2022-40674.patch: Ensure raw tagnames are safe exiting internalEntityParser - CVE-2022-40674 tests were activated some leaks fixed: - debian/patches/fix-leak-xmlparse.patch: tidy up attribute prefix bindings on error fixes ...
Mageia: Security Advisory (MGASA-2018-0428)
The remote host is missing an update for the...
CVE-2021-36172
An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports consumed by FortiPortal to trigger a denial of service or read arbitrary files from the underlying file...
Fedora 28 : perl-Dancer2 (2018-ded377a782)
Dancer2 0.206000 addresses several potential security issues. There is a potential RCE with regards to Storable. Dancer2 adds session ID validation to the session engine so that session backends based on Storable can reject malformed session IDs that may lead to exploitation of the RCE. Parsing...