GPAC MP4Box 安全漏洞

GPAC MP4Box is a multimedia packager. It is primarily used for processing ISOBMF files such as MP4 and 3GP, but it can also be used for importing/exporting media from container files like AVI, MPG, MKV, and MPEG-2 TS. Previous versions of GPAC MP4Box, including version 86b0e36, had a security...

CVE-2026-24852

The CVE-2026-24852 issue affects iccDEV before version 2.3.1.2, where a heap-buffer-over-read can occur in icXmlParseTextString() when strlen() reads a non-null-terminated buffer, potentially leaking heap memory and causing application termination. The fixed release is 2.3.1.2. It involves ICC co...

MiracleLinux 7 : expat-2.1.0-14.el7 (AXSA:2022-3129:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3129:02 advisory. expat: Malformed 2- and 3-byte UTF-8 sequences can lead to arbitrary code execution CVE-2022-25235 expat: Namespace-separator characters in...

CVE-2026-21506

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null pointer dereference in CIccProfileXml::ParseBasic, leading to denial of service. This issue has been...

Security update for mozjs52

This update for mozjs52 fixes the following issues: CVE-2024-45491: Fixed integer overflow in dtdCopy bsc1230037 CVE-2024-50602: Fixed DoS via XMLResumeParser bsc1232599 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart bsc1230038 CVE-2024-45490: Fixed negative len for...

JLSEC-2025-77 An issue was discovered in libxml2 before 2.10.3

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XMLPARSEHUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault...

SUSE-SU-2025:20045-1 Security update for expat

This update for expat fixes the following issues: - CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 - CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 - CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 - CVE-2024-28757: XML Entity...

Security update for expat

This update for expat fixes the following issues: CVE-2024-45492: detect integer overflow in function nextScaffoldPart bsc1229932 CVE-2024-45491: detect integer overflow in dtdCopy bsc1229931 CVE-2024-45490: reject negative len for XMLParseBuffer bsc1229930 CVE-2024-28757: XML Entity Expansion...

EulerOS 2.0 SP9 : xmlrpc-c (EulerOS-SA-2025-1067)

According to the versions of the xmlrpc-c package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XMLParseBuffer.CVE-2024-45490 An issue was...

EulerOS 2.0 SP9 : expat (EulerOS-SA-2024-2827)

According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time.CVE-2023-52426 An issue was discovered in libexp...

Security update for mozjs115

This update for mozjs115 fixes the following issues: CVE-2024-45490: Fixed negative len for XMLParseBuffer in embedded expat bnc1230036 CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat bnc1230037 CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded...

libexpat: Negative Length Parsing Vulnerability in libexpat

A flaw was found in libexpat's xmlparse.c component. This vulnerability allows an attacker to cause improper handling of XML data by providing a negative length value to the XMLParseBuffer function...

CLSA-2024-1726608591 expat: Fix of 3 CVEs

CVE-2024-45490: Reject negative length for XMLParseBuffer in xmlparse.c - CVE-2024-45491: Detect integer overflow in dtdCopy on 32-bit platforms - CVE-2024-45492: Detect integer overflow in nextScaffoldPart on 32-bit platforms...

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

...

CLSA-2024-1726163202 expat: Fix of 3 CVEs

The release version was raised because it corresponds to version 13 - CVE-2024-45490: reject negative len for XMLParseBuffer to prevent improper restriction of XML External Entity Reference - CVE-2024-45491: prevent integer overflow in dtdCopy - CVE-2024-45492: prevent integer overflow in...

GHSA-MJR4-7XG5-PFVH libxmljs2 type confusion vulnerability when parsing specially crafted XML

libxmljs2 is vulnerable to type confusion when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop and remote code...

PT-2023-35642 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlDictLookupInternal,...

Amazon Linux 2023 : libxml2, libxml2-devel, libxml2-static (ALAS2023-2023-096)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-096 advisory. valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. CVE-2022-23308 A flaw was found in the libxml2 library in functions used to manipulate the xmlBuf and the...

PT-2023-35710 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type identified as Global-buffer-overflow READ 1. The crash state involves several functions: xmlParseContentInternal,...

SUSE CVE-2019-18853

ImageMagick before 7.0.9-0 allows remote attackers to cause a denial of service because XMLPARSEHUGE is not properly restricted in coders/svg.c, related to SVG and libxml2...