61 matches found
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
CVE-2019-15903
CVE-2019-15903 is a libexpat/libxml2 (Expat) issue present in libexpat prior to 2.2.8. Crafted XML input could cause the parser to switch from DTD parsing to document parsing too early, and a subsequent call to XML_GetCurrentLineNumber/XML_GetCurrentColumnNumber could trigger a heap-based buffer ...
CVE-2022-25235
CVE-2022-25235: In Expat (libexpat) xmltok_impl.c, there is insufficient validation of encoding (e.g., UTF-8 validity in certain contexts) prior to version 2.4.5. PUBLICLY documented impact is high/critical: CVSS 3.1 vector shows NETWORK attack, U/N UI, with C/H/I/H and a base score of 9.8. The c...
CVE-2013-0340
CVE-2013-0340 concerns the expat XML parser. The issue arises from improper handling of XML entity expansion (XXE) unless an application enables XML_SetEntityDeclHandler. This can allow a remote attacker to cause denial of service (resource consumption), trigger requests to intranet endpoints, or...
CVE-2022-25236
CVE-2022-25236 (Expat/libexpat) affects Expat before 2.4.5, where attackers can insert namespace-separator characters into namespace URIs in xmlparse.c. The issue can enable attacker-controlled input to trigger a denial of service or, in certain contexts (e.g., misuse of xmlns[:prefix] attribute ...
CVE-2022-25315
CVE-2022-25315 affects libexpat (Expat) with an integer overflow in storeRawNames in versions before 2.4.5. Public sources (e.g., AlmaLinux ALAS2-2022-1779, AlmaLinux ALSA-2022-7811, CentOS/Red Hat advisories) indicate the issue has been addressed in later expat releases (upgrades to 2.4.5+; 2.4....
CVE-2018-20843
The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...
CVE-2022-40674
CVE-2022-40674 affects libexpat (expat) prior to 2.4.9, with a use-after-free in the doContent function of xmlparse.c. The connected advisories confirm this weakness can lead to denial of service or potentially arbitrary code execution via memory corruption, depending on how the parser handles in...
CVE-2022-43680
In CVE-2022-43680, libexpat up to version 2.4.9 contains a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate during out-of-memory situations. The impact is rated High (Availability impact) with a CVSSv3.1 base score of 7.5 (Network attack vector, no ...
CVE-2022-23852
Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...
CVE-2022-23990
CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...
CVE-2022-22822
CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...
CVE-2016-0718
CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...
CVE-2024-50602
CVE-2024-50602 affects libexpat prior to 2.6.4. There is a crash in XML_ResumeParser when XML_StopParser can stop/suspend an unstarted parser. Affected: expat library used by various products; root cause is improper handling of parser state. Impact is a crash (DoS potential) as described in linke...
CVE-2021-45960
CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...
CVE-2015-1283
The material confirms CVE-2015-1283 is an Expat XML_GetBuffer integer/heap overflow issue, with impact on multiple products using expat up to 2.1.0 (e.g., Chrome before 44.0.2403.89). Related CVEs include CVE-2015-2716 and CVE-2016-4472 (note: the latter indicates the overflow protection was remo...
CVE-2022-25314
CVE-2022-25314 affects Expat (libexpat) and is caused by an integer overflow in copyString() in xmlparse.c. The issue can enable arbitrary code execution or crash the process when processing crafted input. Public advisories and bulletins from AlmaLinux, AlmaLinux 9/8, Astra Linux, Cloud Foundry, ...
CVE-2022-22823
CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...
CVE-2022-22824
CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...
CVE-2022-22827
CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...
CVE-2022-22825
CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...
CVE-2012-0876
The CVE-2012-0876 issue affects the Expat XML parser (xmlparse.c) prior to version 2.1.0, where hash initialization is not salted to prevent hash collisions. This enables context-dependent attackers to trigger collision-based DoS via XML files with many identical identifiers. References and downs...
CVE-2021-46143
CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...
CVE-2022-22826
CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...
CVE-2022-25313
CVE-2022-25313 concerns the Expat/libexpat XML parser. The vulnerability arises from a stack-exhaustion condition triggered by a large nesting depth in the DTD element during build_model processing, allowing an attacker to cause a denial of service. Public advisories in connected docs confirm Exp...
CVE-2017-9233
CVE-2017-9233: XML External Entity DoS in libexpat 2.2.0 and earlier via malformed external entity in an external DTD. Affected: libexpat (Expat XML Parser Library). Impact: parser denial-of-service (infinite loop). Remediation: update to libexpat 2.2.1 (fixes addressed in advisories). If impleme...
CVE-2023-52425
CVE-2023-52425 affects libexpat up to version 2.5.0, causing a denial of service via resource exhaustion when parsing a very large token that requires multiple buffer fills and reparsing from the start. Connected advisories confirm the issue in expat and note public fixes in newer releases (e.g.,...
CVE-2009-3720
CVE-2009-3720 affects Expat 2.0.1 (libexpat) and its use in Python, PyXML, w3c-libwww, etc. Root cause: in lib/xmltok_impl.c, updatePosition handles crafted UTF-8 sequences, causing a buffer over-read and potential application crash (DoS). Connected documents confirm exploits are not detailed bey...
CVE-2024-45491
CVE-2024-45491 affects libexpat prior to 2.6.3. Root cause: integer overflow in nDefaultAtts within xmlparse.c on 32-bit platforms, potentially enabling memory corruption or code execution. Public details confirm exposure is tied to libexpat, with Debian/ALMA advisories indicating DoS/code exec r...
CVE-2009-3560
CVE-2009-3560 is an Expat 2.0.1 XML parsing vulnerability (big2_toUtf8 in libxmltok.c) that can cause a denial of service via malformed UTF-8 sequences in XML, triggering a buffer over-read in doProlog. Connected docs reference Expat/XML parsing context and list vulnerable products/versions; howe...
CVE-2024-45490
CVE-2024-45490 affects libexpat before 2.6.3, where xmlparse.c fails to reject a negative length for XML_ParseBuffer. The issue has been documented across multiple advisories (including ALAS/ALAS2 entries and Apple security content) as enabling a remote attacker to potentially cause an unexpected...
CVE-2016-4472
CVE-2016-4472 affects the Expat XML parser: overflow protections can be removed by compilers with certain optimizations, allowing remote attackers to cause a crash or potentially execute code via crafted XML. The entry notes this stems from an incomplete fix for CVE-2015-1283 and CVE-2015-2716. C...
CVE-2024-45492
CVE-2024-45492 affects libexpat. Affected: expat library versions older than 2.6.3; vulnerability arises from an integer overflow in nextScaffoldPart() in xmlparse.c on 32-bit platforms, potentially enabling arbitrary code execution. Public advisories (CBL-Mariner, Debian DLA-3893-1, ALSA advisor...
CVE-2012-6702
CVE-2012-6702 affects the Expat XML parser. Root cause: Expat may call srand or be used with a non-zero seed in XML_SetHashSalt, weakening cryptographic protections. Impact: context-dependent attackers could defeat cryptographic protections via srand-based vectors. No explicit fix in the provided...
CVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to a version 2.7.4 or newer where the issue is fixed.
CVE-2016-5300
Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...
CVE-2026-50219
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation, causing a use-after-free. Affected: libexpat prior to 2.8.2. Impact is described as a MEDIUM-seve...
CVE-2026-45186
CVE-2026-45186 affects libexpat prior to 2.8.1, where the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. The NVD entry reports a high impact on availability (CVSS: 7.5) with network attack vector and no privileges. Pu...
CVE-2012-1148
CVE-2012-1148 is a denial-of-service vulnerability in Expat: a memory leak in poolGrow when expanding entities can be triggered by processing crafted XML, leading to increased memory usage and potential crash of the application using the vulnerable Expat library. The vulnerability is listed acros...
CVE-2025-59375
Summary: CVE-2025-59375 affects libexpat in Expat before 2.7.2. A small XML document can trigger large dynamic memory allocations, per multiple security advisories. Affected software: libexpat (Expat) prior to version 2.7.2. Impact (as stated): Attackers may cause large memory allocations; impact...
CVE-2023-52426
CVE-2023-52426 affects libexpat up to version 2.5.0 and allows recursive XML Entity Expansion when XML_DTD is undefined at compile time. The connected advisories indicate the issue is real across multiple vendors (e.g., Broadcom/Brocade and Mariner/MSR contexts) and that fixes exist in libexpat 2...
CVE-2012-1147
CVE-2012-1147 affects the expat XML parser. The issue is in readfilemap.c before 2.1.0, where a resource leak can be triggered by processing a large number of crafted XML files, potentially leading to denial of service via file descriptor/resource exhaustion. Affected products using expat librari...
CVE-2017-11742
Affected software: Expat library (libexpat) on Windows, versions 2.2.1 and 2.2.2. Root cause: writeRandomBytes_RtlGenRandom in xmlparse.c suffers from an untrusted DLL search path, enabling DLL hijacking via a malicious ADVAPI32.DLL in the current working directory. Impact: local privilege escala...
CVE-2026-25210
CVE-2026-25210 affects libexpat prior to 2.7.4, where doContent may miscompute bufSize due to missing integer overflow check during tag buffer reallocation. Multiple connected sources confirm the issue and reference a fix in updated expat releases; remediation is to update to a version including ...
CVE-2026-32776
libexpat prior to 2.7.5 contains a NULL pointer dereference in the handling of empty external parameter entity content during XML parsing. Affected component: expat XML parser in versions before 2.7.5. Root cause: NULL pointer dereference inside external parameter entity processing. Impact per CV...
CVE-2026-56131
CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The Connected documents identify the affe...
CVE-2026-56132
CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...
CVE-2026-56412
In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...
CVE-2026-41080
CVE-2026-41080 affects libexpat prior to 2.7.6, where insufficient entropy in the hash function allows hash flooding when processing crafted XML documents. The CVE is broadly referenced across OSV, Debian, Red Hat, and Ubuntu entries, with the core impact described as a potential DoS due to resou...
CVE-2025-66382
CVE-2025-66382 affects libexpat up to version 2.7.3. A crafted input file of about 2 MiB can cause the parser to spend dozens of seconds processing, yielding a potential denial of service (availability impact). Documented impact ranges from low to high in sources: CVSS data indicate local access ...