Libexpat Security Vulnerabilities and Issues — Libexpat CVE List

Lucene search

Libexpat ProjectLibexpat

17 matches found

CVE•added 2022/02/16 1:15 a.m.•606 views

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

9.8CVSS9.6AI score0.12745EPSS

CVE•added 2022/02/16 1:15 a.m.•519 views

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

9.8CVSS9.5AI score0.09151EPSS

CVE•added 2022/02/18 5:15 a.m.•485 views

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

9.8CVSS9.8AI score0.0753EPSS

CVE•added 2022/01/24 2:15 a.m.•410 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

9.8CVSS9.6AI score0.01944EPSS

CVE•added 2022/09/14 11:15 a.m.•402 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

8.1CVSS8.3AI score0.00625EPSS

CVE•added 2022/10/24 2:15 p.m.•399 views

CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

7.5CVSS7.7AI score0.00244EPSS

CVE•added 2022/01/26 7:15 p.m.•353 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

7.5CVSS8.7AI score0.03519EPSS

CVE•added 2022/01/10 2:12 p.m.•339 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.01329EPSS

CVE•added 2022/01/01 7:15 p.m.•293 views

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

9CVSS9.1AI score0.00385EPSS

CVE•added 2022/01/10 2:12 p.m.•279 views

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/01/10 2:12 p.m.•273 views

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/02/18 5:15 a.m.•266 views

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

7.5CVSS8.8AI score0.00445EPSS

CVE•added 2022/01/10 2:12 p.m.•243 views

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2022/01/06 4:15 a.m.•240 views

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

8.1CVSS8.9AI score0.04193EPSS

CVE•added 2022/02/18 5:15 a.m.•237 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.00124EPSS

CVE•added 2022/01/10 2:12 p.m.•235 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2022/01/10 2:12 p.m.•234 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00279EPSS