Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

The lookup function in xmlparse.c within Expat also known as libexpat has an integer overflow before version 2.4.3...

Siemens SIMATIC S7-1500 Integer Overflow or Wraparound (CVE-2021-46143)

In doProlog in xmlparse.c in Expat aka libexpat before 2.4.3, an integer overflow exists for mgroupSize. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description...

Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current expat Multiple Vulnerabilities (SSA:2022-050-01)

The version of expat installed on the remote host is prior to 2.4.3 / 2.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-050-01 advisory. - xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a...

CVE-2021-45960

In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory...