Lucene search
K

8 matches found

OSV
OSV
added 2026/02/04 6:9 p.m.2 views

MGASA-2026-0031 Updated expat packages fix security vulnerabilities

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data. CVE-2026-24515 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...

7.8CVSS5.5AI score0.00193EPSS
Exploits0References3
Snyk
Snyk
added 2026/01/23 8:49 a.m.2 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference due to improper handling of user data in the XMLExternalEntityParserCreate function. An attacker can cause a denial of service by supplying crafted input that triggers a null pointer dereference. Remediation...

5.5CVSS6.8AI score0.0017EPSS
Exploits0References2
OSV
OSV
added 2026/01/23 8:16 a.m.6 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data...

2.5CVSS5.8AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/01/25 8:12 a.m.5 views

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...

7.5CVSS6.7AI score0.02241EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/01/06 12:0 a.m.19 views

EulerOS 2.0 SP9 : expat (EulerOS-SA-2023-1098)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in...

7.5CVSS7.2AI score0.02241EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2022/11/21 12:43 p.m.5 views

expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate

A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions...

7.5CVSS6.7AI score0.02241EPSS
Exploits1References5
OSV
OSV
added 2022/11/02 6:12 p.m.6 views

CLSA-2022-1667412749 Fix CVE(s): CVE-2022-43680

SECURITY UPDATE: Fix overeager DTD destruction - debian/patches/CVE-2022-43680: Fix heap use-after-free after overeager destruction of a shared DTD in function XMLExternalEntityParserCreate in out-of-memory situations - CVE-2022-43680...

7.5CVSS6.7AI score0.02241EPSS
Exploits1References1
OSV
OSV
added 2022/10/24 2:15 p.m.1 views

UBUNTU-CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XMLExternalEntityParserCreate in out-of-memory situations...

7.5CVSS6.8AI score0.02241EPSS
Exploits1References8
Rows per page
Query Builder