MiracleLinux 7 : expat-2.1.0-15.0.1.el7.AXS7 (AXSA:2024-8927:07)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8927:07 advisory. CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms...

SUSE-SU-2026:0044-1 Security update for mozjs60

This update for mozjs60 fixes the following issues: - CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart bsc1230038 - CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy bsc1230037 - CVE-2024-45490: embedded expat: reject negative len for...

Security update for mozjs52

This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 CVE-2024-45490: Fixed negative len for...

SUSE-SU-2025:4512-1 Security update for mozjs52

This update for mozjs52 fixes the following issues: - CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 - CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 - CVE-2024-45490: Fixed negative len for...

expat: Integer overflow in nextScaffoldPart in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

expat: Integer overflow in nextScaffoldPart in xmlparse.c

expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag can libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...

JLSEC-2025-48 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

JLSEC-2025-64 An issue was discovered in libexpat before 2.6.3

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals SIZEMAX...

Mageia: Security Advisory (MGASA-2024-0338)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for mozjs78

This update for mozjs78 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded exp...

SUSE-SU-2024:3554-1 Security update for mozjs78

This update for mozjs78 fixes the following issues: - CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedd...

SUSE-SU-2024:3538-1 Security update for mozjs115

This update for mozjs115 fixes the following issues: - CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 - CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 - CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in...

libexpat: integer overflow

A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals SIZEMAX...

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : expat (SUSE-SU-2024:3216-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3216-1 advisory. - CVE-2024-45492: integer overflow in function nextScaffoldPart. bsc1229932 - CVE-2024-45491:...

CLSA-2024-1725993966 expat: Fix of 2 CVEs

CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

CLSA-2024-1725993841 expat: Fix of 2 CVEs

CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

SUSE SLES12 Security Update : expat (SUSE-SU-2024:3182-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3182-1 advisory. - CVE-2024-45492: Detect integer overflow in function nextScaffoldPart. bsc1229932 - CVE-2024-45491: Detect integer overflow in...

CLSA-2024-1725650114 expat: Fix of 3 CVEs

CVE-2024-45490: reject negative length in XMLParseBuffer - CVE-2024-45491: detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: detect integer overflow in nextScaffoldPart on 32-bit platforms...

CVE-2024-45492

A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for mgroupSize on 32-bit platforms where UINTMAX equals SIZEMAX. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat...