
163 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-27963

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 7.8 | EPSS 0.00206
Exploits 0 | References 16

Redos
added 2025/09/08 12:0 a.m. | 2 views

ROS-20250908-02

A vulnerability in the doContent function of the xmlparse.c file of the XML parser library libexpat is related to a post-release exploit. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

CVSS 8.1 | AI score 9.5 | EPSS 0.00941
Exploits 0

RedHat Linux
added 2024/09/24 1:24 a.m. | 0 views

libexpat: integer overflow

A flaw was found in libexpat's internal nextScaffoldPart function in xmlparse.c. It can have an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 7.4 | EPSS 0.02269
Exploits 0 | References 7

RedHat Linux
added 2024/09/24 1:24 a.m. | 4 views

libexpat: Integer Overflow or Wraparound

An issue was found in libexpat's internal dtdCopy function in xmlparse.c. It can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 7.4 | EPSS 0.01143
Exploits 0 | References 7

Redos
added 2024/09/17 12:0 a.m. | 293 views

ROS-20240829-10

A vulnerability in the xmlparse.c file of the libexpat XML file parsing library is related to an integer overflow for nDefaultAtts on 32-bit platforms. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 9.8 | AI score 6.7 | EPSS 0.02269
Exploits 0

Microsoft CVE
added 2024/09/13 7:0 a.m. | 2 views

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

...

CVSS 9.8 | AI score 7.5 | EPSS 0.01143
Exploits 0

Veracode
added 2024/09/02 2:22 p.m. | 12 views

Denial Of Service (DOS)

libexpat.so is vulnerable to Denial of Service (DoS). The vulnerability is caused by a defect within xmlparse.c, which does not reject a negative length for XML_ParseBuffer...

CVSS 9.8 | AI score 9.4 | EPSS 0.00613
Exploits 0 | References 4 | Affected Software 4

Veracode
added 2024/09/02 8:25 a.m. | 7 views

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused by a defect in the function nextScaffoldPart within xmlparse.c. This can lead to an integer overflow for m_groupSize on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 9.6 | EPSS 0.02269
Exploits 0 | References 4 | Affected Software 4

Veracode
added 2024/09/02 6:48 a.m. | 3 views

Integer Overflow

libexpat.so is vulnerable to Integer Overflow. The vulnerability is caused by a defect in the function dtdCopy within xmlparse.c. This can lead to an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 9.6 | EPSS 0.01143
Exploits 0 | References 4 | Affected Software 4

OSV
added 2024/08/30 3:15 a.m. | 2 views

ALPINE-CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 7.3 | EPSS 0.01143
Exploits 0 | References 1

UbuntuCve
added 2024/08/30 3:15 a.m. | 44 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms where UINT_MAX equals SIZE_MAX...

CVSS 9.8 | AI score 6.9 | EPSS 0.01143
Exploits 0 | References 7

CNNVD
added 2024/08/29 12:0 a.m. | 1 views

libexpat input validation error vulnerability

libexpat is a streaming XML parser written in C by the libexpat team. An input validation error vulnerability exists in libexpat versions prior to 2.6.3, which stems from dtdCopy in xmlparse.c on 32-bit platforms that can lead to an nDefaultAtts integer overflow...

CVSS 9.8 | AI score 7.3 | EPSS 0.01143
Exploits 0 | References 5

CNNVD
added 2024/08/29 12:0 a.m. | 1 views

libexpat security vulnerability

libexpat is a streaming XML parser written in C by the libexpat team. A security vulnerability exists in libexpat versions prior to 2.6.3, which stems from the fact that xmlparse.c will not reject the negative length of XML_ParseBuffer...

CVSS 9.8 | AI score 7.2 | EPSS 0.00613
Exploits 0 | References 6

Tenable Nessus
added 2024/05/11 12:0 a.m. | 21 views

RHEL 8 : expat (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674) - In libexpat through 2.4....

AI score 8.9 | EPSS 0.00941
Exploits 1 | References 2

Tenable Nessus
added 2024/02/29 12:0 a.m. | 22 views

CentOS 9 : expat-2.4.9-1.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the expat-2.4.9-1.el9 build changelog. - libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. (CVE-2022-40674) Note that Nessus has not tested for this issue bu...

CVSS 8.1 | AI score 7.5 | EPSS 0.00941
Exploits 0 | References 2

OSV
added 2023/08/06 11:5 a.m. | 3 views

OESA-2023-1464 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few...

CVSS 9 | AI score 7 | EPSS 0.04193
Exploits 3 | References 6

OSV
added 2023/08/06 11:5 a.m. | 4 views

OESA-2023-1465 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few...

CVSS 9 | AI score 7 | EPSS 0.04193
Exploits 3 | References 6

Broadcom
added 2023/08/01 12:0 a.m. | 32 views

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

CVSS 9.8 | AI score 9.6 | EPSS 0.08156
Exploits 0

OSV
added 2023/07/29 11:5 a.m. | 1 views

OESA-2023-1454 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: addBinding in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow (CVE-2022-22822). buildmodel in xmlparse.c in Expat aka libexpat before 2.4.3 has an...

CVSS 9.8 | AI score 8.7 | EPSS 0.01329
Exploits 1 | References 4

Tenable Nessus
added 2023/07/26 12:0 a.m. | 19 views

EulerOS Virtualization 3.0.6.6 : expat (EulerOS-SA-2023-2422)

According to the versions of the expat packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Expat aka libexpat before 2.4.5, an attacker can trigger stack exhaustion in buildmodel via a large nesting depth in the DTD...

CVSS 9.8 | AI score 7.6 | EPSS 0.08995
Exploits 1 | References 4