Libexpat Security Vulnerabilities and Issues — Libexpat CVE List

Lucene search

Libexpat ProjectLibexpat

3 matches found

CVE•added 2014/01/21 6:55 p.m.•626 views

CVE-2013-0340

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a cr...

6.8CVSS7.1AI score0.00039EPSS

CVE•added 2015/07/23 12:59 a.m.•304 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.05699EPSS

CVE•added 2022/02/18 5:15 a.m.•242 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.00124EPSS