Libexpat@* Security Vulnerabilities and Issues — Libexpat@* CVE List

Lucene search

Libexpat ProjectLibexpat*

4 matches found

CVE•added 2016/05/26 4:59 p.m.•317 views

CVE-2016-0718

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

9.8CVSS8.7AI score0.01771EPSS

CVE•added 2016/06/30 5:59 p.m.•189 views

CVE-2016-4472

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and...

8.1CVSS8.9AI score0.05699EPSS

CVE•added 2016/06/16 6:59 p.m.•150 views

CVE-2016-5300

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

7.8CVSS7.7AI score0.02478EPSS

CVE•added 2016/06/16 6:59 p.m.•136 views

CVE-2012-6702

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

5.9CVSS6.2AI score0.00616EPSS