Libexpat@* Security Vulnerabilities and Issues — Libexpat@* CVE List

Lucene search

Libexpat ProjectLibexpat*

7 matches found

CVE•added 2024/03/10 5:15 a.m.•8283 views

CVE-2024-28757

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

7.5CVSS7.4AI score0.00487EPSS

CVE•added 2024/10/27 5:15 a.m.•269 views

CVE-2024-50602

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

5.9CVSS7.1AI score0.00054EPSS

CVE•added 2024/02/04 8:15 p.m.•174 views

CVE-2023-52425

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

7.5CVSS7.5AI score0.0061EPSS

CVE•added 2024/08/30 3:15 a.m.•167 views

CVE-2024-45491

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.0011EPSS

CVE•added 2024/08/30 3:15 a.m.•152 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

9.8CVSS7AI score0.0007EPSS

CVE•added 2024/08/30 3:15 a.m.•128 views

CVE-2024-45492

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

9.8CVSS7.3AI score0.00232EPSS

CVE•added 2024/02/04 8:15 p.m.•90 views

CVE-2023-52426

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

5.5CVSS5.6AI score0.00019EPSS