CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XMLDTD is undefined at compile time...

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service resource consumption because many full reparsings are required in the case of a large token for which multiple buffer fills are needed...

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c...

CVE-2022-25314

In Expat aka libexpat before 2.4.5, there is an integer overflow in copyString...

CVE-2022-25315

In Expat aka libexpat before 2.4.5, there is an integer overflow in storeRawNames...

CVE-2022-25236

xmlparse.c in Expat aka libexpat before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs...

CVE-2022-25235

xmltokimpl.c in Expat aka libexpat before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context...

CVE-2022-23990

Expat aka libexpat before 2.4.4 has an integer overflow in the doProlog function...

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

CVE-2022-22827

storeAtts in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...