2 matches found
CVE-2024-28757
The CVE-2024-28757 entry concerns libexpat up to version 2.6.1, where XML External Entity (XXE) processing can be triggered when isolated external parsers are used (XML_ExternalEntityParserCreate). The impact is denial of service or resource exhaustion (availability impact: HIGH) with CVSS v3.1 b...
CVE-2024-50602
CVE-2024-50602 affects libexpat prior to 2.6.4. XML_ResumeParser can crash because XML_StopParser is able to stop or suspend a parser that has not been started. The affected expat library is used by various products; the root cause is improper handling of parser state. Impact is a crash (DoS potential) as described in linke...