Libexpat Security Vulnerabilities and Issues — Libexpat CVE List

Lucene search

Libexpat ProjectLibexpat

17 matches found

CVE•added 2022/02/16 1:15 a.m.•628 views

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

9.8CVSS9.6AI score0.13322EPSS

CVE•added 2022/02/16 1:15 a.m.•541 views

CVE-2022-25236

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

9.8CVSS9.5AI score0.09358EPSS

CVE•added 2022/02/18 5:15 a.m.•507 views

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

9.8CVSS9.8AI score0.07898EPSS

CVE•added 2022/01/24 2:15 a.m.•444 views

CVE-2022-23852

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

9.8CVSS9.6AI score0.01944EPSS

CVE•added 2022/09/14 11:15 a.m.•441 views

CVE-2022-40674

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

8.1CVSS8.3AI score0.00623EPSS

CVE•added 2022/10/24 2:15 p.m.•433 views

CVE-2022-43680

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

7.5CVSS7.7AI score0.00261EPSS

CVE•added 2022/01/26 7:15 p.m.•390 views

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

7.5CVSS8.7AI score0.037EPSS

CVE•added 2022/01/10 2:12 p.m.•375 views

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.01328EPSS

CVE•added 2022/01/01 7:15 p.m.•312 views

CVE-2021-45960

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

9CVSS9.1AI score0.00374EPSS

CVE•added 2022/02/18 5:15 a.m.•300 views

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

7.5CVSS8.8AI score0.00469EPSS

CVE•added 2022/01/10 2:12 p.m.•295 views

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/01/10 2:12 p.m.•290 views

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

9.8CVSS9.5AI score0.00431EPSS

CVE•added 2022/01/10 2:12 p.m.•260 views

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2022/01/06 4:15 a.m.•258 views

CVE-2021-46143

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

8.1CVSS8.9AI score0.04085EPSS

CVE•added 2022/02/18 5:15 a.m.•257 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.0013EPSS

CVE•added 2022/01/10 2:12 p.m.•253 views

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00206EPSS

CVE•added 2022/01/10 2:12 p.m.•253 views

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

8.8CVSS9.2AI score0.00279EPSS