Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-28757
HistoryMar 10, 2024 - 12:00 a.m.

CVE-2024-28757

2024-03-1000:00:00
ubuntu.com
ubuntu.com
40
libexpat security xml entity expansion

AI Score

7.3

Confidence

Low

EPSS

0

Percentile

10.3%

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is
isolated use of external parsers (created via
XML_ExternalEntityParserCreate).

Bugs

Notes

Author Note
sbeattie paraview uses system expat xotcl uses system expat poco uses system expat gdcm uses system expat audacity uses system expat simgear uses system expat coin3 uses system expat as of 4.0.0~CMake~6f54f1602475+ds1-1 sitecopy uses system expat since 1:0.16.0-1 (dapper!) insighttoolkit uses system expat as of 4.12.1-dfsg1
mdeslaur apache2 uses system expat apr-util uses system expat cmake uses system expat ghostscript uses system expat firefox uses system expat