Astra Linux - уязвимость в libxmltok

In the libexpat library in ExPat before version 2.2.7, XML input containing XML elements with a large number of colons could cause the XML parser to consume a high amount of RAM and CPU resources during processing. This behavior could potentially be exploited in denial-of-service attacks...

Ubuntu: Security Advisory (USN-8023-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8023-1 libxmltok vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. CVE-2026-24515 It was discovered that Expat, contained within the xmltok library,...

Ubuntu: Security Advisory (USN-7307-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7307-1 libxmltok vulnerability

Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessi...

Ubuntu: Security Advisory (USN-7199-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-7001-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7001-2 libxmltok vulnerabilities

USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input lengt...

USN-7001-1 libxmltok vulnerabilities

Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan...

Ubuntu: Security Advisory (USN-7001-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-25314

In Expat aka libexpat before 2.4.5, there is an integer overflow in copyString...

CVE-2022-25315

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

CVE-2022-23990

Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function...

CVE-2012-6702

Expat, when used in a parser that has not called XMLSetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function...