Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

In xmltokimpl.c within Expat also known as libexpat, before version 2.4.5, there was no proper validation of encoding. This meant that there were no checks to determine whether a UTF-8 character was valid in a particular context...

CVE-2026-49472 FreeSWITCH includes a vulnerable function, PREFIX(prologTok)() from libexpat

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

CVE-2026-49472

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

EUVD-2026-35469

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

PT-2026-47845

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH includes a vulnerable function, PREFIXprologTok, in...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : xmltok library vulnerabilities (USN-8023-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8023-1 advisory. It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization...

USN-8023-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled the initialization of parsers for external entities. An attacker could possibly use this issue to cause a denial of service. CVE-2026-24515 It was discovered that Expat, contained within the xmltok library,...

JLSEC-2025-52 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as che...

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : xmltok library vulnerability (USN-7307-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7307-1 advisory. Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when...

USN-7307-1: xmltok library vulnerability

Tim Boddy discovered that Expat, contained within the xmltok library, did not properly handle memory reallocation when processing XML files. If a user or application linked against Expat were tricked into opening a crafted XML file, an attacker could cause a denial of service by consuming excessi...

USN-7199-1 libxmltok vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

USN-7199-1: xmltok library vulnerabilities

It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If a user or application were tricked into opening a crafted XML file, an attacker could cause a denial of service, or possibly execute arbitrary code. CVE-2015-1283, CVE-2016-0718,...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : xmltok library vulnerabilities (USN-7199-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7199-1 advisory. It was discovered that Expat, contained within the xmltok library, incorrectly handled malformed XML data. If...

USN-7001-2: xmltok library vulnerabilities

USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input lengt...

Ubuntu 24.04 LTS : xmltok library vulnerabilities (USN-7001-2)

The remote Ubuntu 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7001-2 advisory. USN-7001-1 fixed vulnerabilities in xmltol library. This update provides the corresponding updates for Ubuntu 24.04 LTS. Tenable has extracted the...

USN-7001-1: xmltok library vulnerabilities

Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. CVE-2024-45490 Shang-Hung Wan...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : xmltok library vulnerabilities (USN-7001-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7001-1 advisory. Shang-Hung Wan discovered that Expat, contained within the xmltok library, did not properly handle certain function...

OESA-2024-1815 mozjs78 security update

Security Fixes: In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating too few bytes, or only freeing memory.CVE-2021-45960 xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : xmltok library vulnerabilities (USN-5455-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5455-1 advisory. Tim Boddy, Gustavo Grieco and others discovered that Expat, that is integrated in xmltok library, incorrectly handled...

SUSE CVE-2022-25235

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...