OESA-2026-2498 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before version 2.7.6 uses insufficient entropy, allowing attackers to cause hash flooding via a crafted XML...

[SECURITY] Fedora 43 Update: mingw-expat-2.8.1-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

[SECURITY] Fedora 44 Update: mingw-expat-2.8.1-1.fc44

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVE-2026-7210

xml.parsers.expat and xml.etree.ElementTree use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch...

[SECURITY] Fedora 42 Update: mingw-expat-2.7.5-1.fc42

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

MiracleLinux 4 : expat-2.0.1-11.AXS4 (AXSA:2012-577:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-577:01 advisory. This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers wi...

EUVD-2012-0901

Malware in sbrugna...

EUVD-2004-1375

Malware in sbrugna...

[SECURITY] Fedora 41 Update: expat-2.7.2-1.fc41

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

ROS-20250908-01

A vulnerability in the Expat XML parsing library is related to incorrect restriction of XML references to external objects. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. sensitive data,...

[SECURITY] [DLA 4145-1] expat security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4145-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz April 30, 2025 https://wiki.debian.org/LTS -...

Security Bulletin: IBM Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.9

Summary Apache Portable Runtime, The Expat XML Parser and DOORS Web Access are identified as vulnerable components with multiple reported vulnerabilities. The IBM Engineering Requirements Management DOORS/DWA product version 9.7.2.8 is vulnerable to the below mentioned CVEs. Remediation actions a...

Linux Distros Unpatched Vulnerability : CVE-2016-5300

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context- dependent attackers to cause a denial of service CPU...

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

F5 Networks BIG-IP : Expat XML parser vulnerability (K51011533)

The version of F5 Networks BIG-IP installed on the remote host is prior to 13.1.4.1 / 13.1.5 / 14.1.4.2 / 14.1.4.5 / 15.1.3 / 15.1.4 / 16.0.1.2 / 16.1.0 / 16.1.2 / 17.0.0. It is, therefore, affected by a vulnerability as referenced in the K51011533 advisory. - In libexpat in Expat before 2.2.7, X...

Important: firefox

Issue Overview: Integer overflow vulnerability in avtimecodemakestring in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service DoS via crafted .mov file. CVE-2021-28429 A vulnerability was found in expat. With this flaw, it is possible to create a...

K70938105: Expat XML library vulnerability CVE-2016-5300

Security Advisory Description The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete...

K15104541: Expat XML library vulnerability CVE-2015-1283

Security Advisory Description Multiple integer overflows in the XMLGetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact v...

K22232964: Expat XML library vulnerability CVE-2016-4472

Security Advisory Description The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an...

USN-5638-2: Expat vulnerabilities

USN-5638-1 fixed a vulnerability in Expat. This update provides the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. It was discovered that Expat incorrectly handled memory in out-of-memory situations. An attacker could possibly use this issue to cause a crash,...