Libexpat@* Security Vulnerabilities and Issues — Libexpat@* CVE List

Lucene search

Libexpat ProjectLibexpat*

36 matches found

CVE•added 2024/03/10 5:15 a.m.•8294 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00474EPSS

CVE•added 2019/09/04 6:15 a.m.•745 views

CVE-2019-15903

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

7.5CVSS8.2AI score0.00361EPSS

CVE•added 2014/01/21 6:55 p.m.•629 views

CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a cr...

6.8CVSS7.1AI score0.00047EPSS

CVE•added 2022/02/16 1:15 a.m.•617 views

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

9.8CVSS9.6AI score0.13322EPSS

CVE•added 2022/02/16 1:15 a.m.•531 views

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

9.8CVSS9.5AI score0.09358EPSS

CVE•added 2022/02/18 5:15 a.m.•497 views

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

9.8CVSS9.8AI score0.07704EPSS

CVE•added 2019/06/24 5:15 p.m.•475 views

CVE-2018-20843

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

7.8CVSS7.5AI score0.00785EPSS

CVE•added 2022/01/24 2:15 a.m.•433 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

9.8CVSS9.6AI score0.01944EPSS

CVE•added 2022/09/14 11:15 a.m.•427 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

8.1CVSS8.3AI score0.00625EPSS

CVE•added 2022/10/24 2:15 p.m.•426 views

CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

7.5CVSS7.7AI score0.00261EPSS

CVE•added 2022/01/26 7:15 p.m.•379 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

7.5CVSS8.7AI score0.03519EPSS

CVE•added 2022/01/10 2:12 p.m.•363 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.01328EPSS

CVE•added 2016/05/26 4:59 p.m.•332 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.02267EPSS

CVE•added 2015/07/23 12:59 a.m.•306 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.055EPSS

CVE•added 2022/01/01 7:15 p.m.•304 views

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

9CVSS9.1AI score0.00374EPSS

CVE•added 2024/10/27 5:15 a.m.•300 views

CVE-2024-50602

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

5.9CVSS7.1AI score0.00068EPSS

CVE•added 2022/02/18 5:15 a.m.•290 views

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

7.5CVSS8.8AI score0.00359EPSS

CVE•added 2022/01/10 2:12 p.m.•286 views

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/01/10 2:12 p.m.•280 views

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/01/10 2:12 p.m.•252 views

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2022/01/06 4:15 a.m.•250 views

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

8.1CVSS8.9AI score0.04085EPSS

CVE•added 2012/07/03 7:55 p.m.•249 views

CVE-2012-0876

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

4.3CVSS7.4AI score0.00414EPSS

CVE•added 2022/02/18 5:15 a.m.•249 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.0013EPSS

CVE•added 2022/01/10 2:12 p.m.•245 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00279EPSS

CVE•added 2022/01/10 2:12 p.m.•243 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2017/07/25 8:29 p.m.•238 views

CVE-2017-9233

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

7.5CVSS8.4AI score0.00439EPSS

CVE•added 2016/06/30 5:59 p.m.•191 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS8.9AI score0.055EPSS

CVE•added 2024/02/04 8:15 p.m.•184 views

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

7.5CVSS7.5AI score0.00677EPSS

CVE•added 2024/08/30 3:15 a.m.•179 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.00107EPSS

CVE•added 2024/08/30 3:15 a.m.•167 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

9.8CVSS7AI score0.00069EPSS

CVE•added 2016/06/16 6:59 p.m.•154 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

7.8CVSS7.7AI score0.00414EPSS

CVE•added 2024/08/30 3:15 a.m.•140 views

CVE-2024-45492

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.00276EPSS

CVE•added 2016/06/16 6:59 p.m.•138 views

CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

5.9CVSS6.2AI score0.00461EPSS

CVE•added 2012/07/03 7:55 p.m.•105 views

CVE-2012-1148

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

5CVSS7.9AI score0.01289EPSS

CVE•added 2024/02/04 8:15 p.m.•95 views

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

5.5CVSS5.6AI score0.00019EPSS

CVE•added 2012/07/03 7:55 p.m.•83 views

CVE-2012-1147

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

4.3CVSS7.9AI score0.01082EPSS