49 matches found
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
CVE-2019-15903
CVE-2019-15903 is a libexpat/libxml2 (Expat) issue present in libexpat prior to 2.2.8. Crafted XML input could cause the parser to switch from DTD parsing to document parsing too early, and a subsequent call to XML_GetCurrentLineNumber/XML_GetCurrentColumnNumber could trigger a heap-based buffer ...
CVE-2022-25235
CVE-2022-25235: In Expat (libexpat) xmltok_impl.c, there is insufficient validation of encoding (e.g., UTF-8 validity in certain contexts) prior to version 2.4.5. PUBLICLY documented impact is high/critical: CVSS 3.1 vector shows NETWORK attack, U/N UI, with C/H/I/H and a base score of 9.8. The c...
CVE-2013-0340
CVE-2013-0340 concerns the expat XML parser. The issue arises from improper handling of XML entity expansion (XXE) unless an application enables XML_SetEntityDeclHandler. This can allow a remote attacker to cause denial of service (resource consumption), trigger requests to intranet endpoints, or...
CVE-2022-25236
CVE-2022-25236 (Expat/libexpat) affects Expat before 2.4.5, where attackers can insert namespace-separator characters into namespace URIs in xmlparse.c. The issue can enable attacker-controlled input to trigger a denial of service or, in certain contexts (e.g., misuse of xmlns[:prefix] attribute ...
CVE-2022-25315
CVE-2022-25315 affects libexpat (Expat) with an integer overflow in storeRawNames in versions before 2.4.5. Public sources (e.g., AlmaLinux ALAS2-2022-1779, AlmaLinux ALSA-2022-7811, CentOS/Red Hat advisories) indicate the issue has been addressed in later expat releases (upgrades to 2.4.5+; 2.4....
CVE-2018-20843
The CVE-2018-20843 issue affects libexpat (Expat) prior to 2.2.7, where XML inputs with many colons can cause high RAM/CPU usage and enable DoS. Related CVE-2019-15903 describes a heap-based buffer over-read when crafted XML triggers early parsing state switches. Public advisories confirm that an...
CVE-2022-40674
CVE-2022-40674 affects libexpat (expat) prior to 2.4.9, with a use-after-free in the doContent function of xmlparse.c. The connected advisories confirm this weakness can lead to denial of service or potentially arbitrary code execution via memory corruption, depending on how the parser handles in...
CVE-2022-23852
Expat (libexpat) contains a signed integer overflow in XML_GetBuffer when XML_CONTEXT_BYTES is nonzero (CVE-2022-23852). IV was observed in multiple advisories and bulletins; the issue can lead to arbitrary code execution or crash if exploited. A fix exists in expat 2.4.4 and later; affected dist...
CVE-2022-23990
CVE-2022-23990 affects Expat (libexpat) before 2.4.4. The issue is an integer overflow in doProlog, leading to denial of service and potential exploitation. Advisories from AlmaLinux and Amazon Linux indicate remediation via upgrading expat to a fixed version (e.g., Expats newer than 2.4.4; ALAS ...
CVE-2022-22822
CVE-2022-22822 affects Expat (libexpat) prior to 2.4.3, where addBinding in xmlparse.c can overflow an integer and enable remote code execution or other impact as described in published advisories. The vulnerability is tied to an integer overflow in xmlparse.c (addBinding), with CVSS-derived seve...
CVE-2016-0718
CVE-2016-0718 is evidenced in connected Apple documents as part of the Expat (libexpat) updates applied to OS X El Capitan and iTunes-related components. The Expat/libexpat entry notes that processing XML can trigger vulnerabilities in affected builds, with CVE-2016-0718 specifically associated w...
CVE-2024-50602
CVE-2024-50602 affects libexpat prior to 2.6.4. There is a crash in XML_ResumeParser when XML_StopParser can stop/suspend an unstarted parser. Affected: expat library used by various products; root cause is improper handling of parser state. Impact is a crash (DoS potential) as described in linke...
CVE-2021-45960
CVE-2021-45960 (Expat/libexpat) is corroborated by connected advisories describing a left shift (29 or more) in storeAtts() of xmlparse.c that can trigger realloc misbehavior, potentially leading to allocation errors or memory mismanagement in Expat before 2.4.3. The CVE is repeatedly listed acro...
CVE-2022-25314
CVE-2022-25314 affects Expat (libexpat) and is caused by an integer overflow in copyString() in xmlparse.c. The issue can enable arbitrary code execution or crash the process when processing crafted input. Public advisories and bulletins from AlmaLinux, AlmaLinux 9/8, Astra Linux, Cloud Foundry, ...
CVE-2022-22823
CVE-2022-22823 affects Expat (libexpat) with an integer overflow in build_model() in xmlparse.c, vulnerable prior to 2.4.3. The CVE is corroborated by multiple sources (e.g., ALAS2-2022-1809, ALSA-2022-7692) and Cloud Foundry USN references, all indicating Expat pre-2.4.3 contains the overflow is...
CVE-2022-22824
CVE-2022-22824 affects Expat (libexpat) with an integer overflow in defineAttribute() within xmlparse.c for versions before 2.4.3. The issue is confirmed by connected documents listing multiple Expat CVEs (e.g., CVE-2021-46143, CVE-2022-22822–22827) and advisories referencing 2.4.3 as the fix ver...
CVE-2022-22827
CVE-2022-22827 affects Expat (libexpat) stored in xmlparse.c: storeAtts has an integer overflow in versions before 2.4.3. The vulnerability can be triggered by processing crafted XML content and, as described in the advisories, may lead to crashes or arbitrary code execution in some contexts. Aff...
CVE-2022-22825
CVE-2022-22825 refers to an integer overflow in Expat (libexpat) within xmlparse.c (lookup function) present in versions before 2.4.3. The vulnerability is a code execution/impact class due to heap memory mismanagement from the overflow, with CVSS v3.1 base score 8.8 (high) and network/remote exp...
CVE-2012-0876
The CVE-2012-0876 issue affects the Expat XML parser (xmlparse.c) prior to version 2.1.0, where hash initialization is not salted to prevent hash collisions. This enables context-dependent attackers to trigger collision-based DoS via XML files with many identical identifiers. References and downs...
CVE-2021-46143
CVE-2021-46143 affects libexpat (Expat) in doProlog (xmlparse.c) with an integer overflow on m_groupSize prior to 2.4.3. The linked advisories and databases confirm related Expat overflow issues (and other overflow variants such as addBinding, build_model, defineAttribute, lookup, nextScaffoldPar...
CVE-2022-22826
CVE-2022-22826 is an integer overflow in the Expat (libexpat) XML parser, specifically in nextScaffoldPart of xmlparse.c, affecting versions before 2.4.3. The initial CVE description confirms the overflow, and connected advisories/patch notes (e.g., AlmaLinux ALAS-2022-1603/7692, CESA-2022:1069) ...
CVE-2022-25313
CVE-2022-25313 concerns the Expat/libexpat XML parser. The vulnerability arises from a stack-exhaustion condition triggered by a large nesting depth in the DTD element during build_model processing, allowing an attacker to cause a denial of service. Public advisories in connected docs confirm Exp...
CVE-2024-45491
CVE-2024-45491 affects libexpat prior to 2.6.3. Root cause: integer overflow in nDefaultAtts within xmlparse.c on 32-bit platforms, potentially enabling memory corruption or code execution. Public details confirm exposure is tied to libexpat, with Debian/ALMA advisories indicating DoS/code exec r...
CVE-2024-45490
CVE-2024-45490 affects libexpat before 2.6.3, where xmlparse.c fails to reject a negative length for XML_ParseBuffer. The issue has been documented across multiple advisories (including ALAS/ALAS2 entries and Apple security content) as enabling a remote attacker to potentially cause an unexpected...
CVE-2024-45492
CVE-2024-45492 affects libexpat. Affected: expat library versions older than 2.6.3; vulnerability arises from an integer overflow in nextScaffoldPart() in xmlparse.c on 32-bit platforms, potentially enabling arbitrary code execution. Public advisories (CBL-Mariner, Debian DLA-3893-1, ALSA advisor...
CVE-2026-24515
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. This vulnerability (CVE-2026-24515) is reflected across multiple advisories/plugins; remediation is to update expat to a version 2.7.4 or newer where the issue is fixed.
CVE-2012-6702
CVE-2012-6702 affects the Expat XML parser. Root cause: Expat may call srand or be used with a non-zero seed in XML_SetHashSalt, weakening cryptographic protections. Impact: context-dependent attackers could defeat cryptographic protections via srand-based vectors. No explicit fix in the provided...
CVE-2016-5300
Expat CVE-2016-5300 is a denial-of-service vulnerability in the Expat XML parser caused by insufficient entropy used for hash initialization. The issue allows context-dependent attackers to cause CPU exhaustion via crafted identifiers in XML documents. Connected material confirms this as an Expat...
CVE-2026-45186
CVE-2026-45186 affects libexpat prior to 2.8.1, where the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. The NVD entry reports a high impact on availability (CVSS: 7.5) with network attack vector and no privileges. Pu...
CVE-2026-50219
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation, causing a use-after-free. Affected: libexpat prior to 2.8.2. Impact is described as a MEDIUM-seve...
CVE-2025-59375
Summary: CVE-2025-59375 affects libexpat in Expat before 2.7.2. A small XML document can trigger large dynamic memory allocations, per multiple security advisories. Affected software: libexpat (Expat) prior to version 2.7.2. Impact (as stated): Attackers may cause large memory allocations; impact...
CVE-2026-56407
CVE-2026-56407 affects libexpat prior to 2.8.2, with an integer overflow in doProlog related to storeEntityValue and entity textLen. The NVD entries confirm the issue and describe the vulnerability as an integer overflow in doProlog. The CVE entry indicates a medium base score (CVSS 3.1: AV=L, AC...
CVE-2026-56132
CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...
CVE-2026-32776
libexpat prior to 2.7.5 contains a NULL pointer dereference in the handling of empty external parameter entity content during XML parsing. Affected component: expat XML parser in versions before 2.7.5. Root cause: NULL pointer dereference inside external parameter entity processing. Impact per CV...
CVE-2026-56131
CVE-2026-56131 affects libexpat prior to 2.8.2, where handler call depth tracking is missing for XML_ResumeParser calls made from within handlers during a policy violation. This leads to a use-after-free condition as described (similar to CVE-2026-50219). The Connected documents identify the affe...
CVE-2026-25210
CVE-2026-25210 affects libexpat prior to 2.7.4, where doContent may miscompute bufSize due to missing integer overflow check during tag buffer reallocation. Multiple connected sources confirm the issue and reference a fix in updated expat releases; remediation is to update to a version including ...
CVE-2026-56412
In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...
CVE-2026-41080
CVE-2026-41080 affects libexpat prior to 2.7.6, where insufficient entropy in the hash function allows hash flooding when processing crafted XML documents. The CVE is broadly referenced across OSV, Debian, Red Hat, and Ubuntu entries, with the core impact described as a potential DoS due to resou...
CVE-2026-56411
CVE-2026-56411 affects libexpat’s xmlwf binary, with an integer overflow in endDoctypeDecl triggered by NOTATION declarations prior to version 2.8.2. The CVSS metrics indicate a Local attack vector, high confidentiality and integrity impact, and low availability impact, with no user interaction r...
CVE-2026-32777
CVE-2026-32777 affects libexpat prior to 2.7.5, where parsing DTD content can trigger an infinite loop. This behavior can cause a denial of service if a system processes crafted DTDs. The available connected documents confirm the issue and its relation to libexpat’s DTD parsing loop, with no expl...
CVE-2026-56408
Vulnerability: libexpat prior to 2.8.2 has an integer overflow in copyString. Root cause: integer overflow in the copyString function. Impact: confidentiality and integrity may be affected with a CVSSv3.1 base score 6.9 (Local attack, high complexity, no user interaction). Remediation: upgrade to...
CVE-2026-56406
CVE-2026-56406 affects libexpat up to version 2.8.1; the root cause is an integer overflow in XML_ParseBuffer due to a missing check that XML_Parse had. The CVSSv3.1 vector indicates Local attack, high complexity, no privileges required, no user interaction, with Confidentiality and Integrity imp...
CVE-2026-32778
CVE-2026-32778 affects libexpat prior to 2.7.5, where a NULL pointer dereference can occur in setContext on retry after an out-of-memory condition. The connected IBM AIX advisory and OS advisories confirm the issue and provide a patch path, indicating remediation is to upgrade/export to a version...
CVE-2026-56410
The vulnerability CVE-2026-56410 affects xmlwf in libexpat prior to 2.8.2, due to an integer overflow in resolveSystemId. Impact is indicated as high for confidentiality and integrity, with low availability impact; attack vector is local and no user interaction is required. Remedy: upgrade to lib...
CVE-2026-56403
CVE-2026-56403 affects libexpat prior to 2.8.2, with an integer overflow in storeAtts. Local attack vector, high complexity, no user interaction, requires no privileges. Impact: confidentiality and integrity likely high; availability low. Base score 6.9 (CVSS 3.1). No exploitation details or reme...
CVE-2026-56404
CVE-2026-56404 affects libexpat before 2.8.2, where an integer overflow occurs in addBinding. This is the only detail provided; no exploitation or remediation information is included in the supplied documents.
CVE-2026-56405
The connected sources specify a vulnerability in libexpat up to version 2.8.2, caused by an integer overflow in getAttributeId. The CVE entry lists this as CVE-2026-56405 with a CVSS v3.1 base score of 6.9 (Medium) and a Local attack vector, requiring high attack complexity, no privileges, and no...
CVE-2026-56409
CVE-2026-56409 affects xmlwf in libexpat prior to 2.8.2. An integer overflow occurs in the output filename when -d outputDir is used. The CVSS 3.1 vector (LOCAL, HIGH complexity, NO privileges, user interaction required) indicates a local impact with confidentiality/ integrity impact HIGH and ava...