libexpat

Published Aug 30, 2024

Page 1 of 2

CVE-2022-22824

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-23852

libexpat_project / libexpat+7

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Published Jan 24, 2022

CVE-2022-25235

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Published Feb 16, 2022

CVE-2022-25236

libexpat_project / libexpat+6

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Published Feb 16, 2022

CVE-2022-22823

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2024-45492

libexpat_project / libexpat

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Published Aug 30, 2024

CVE-2022-22822

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-25315

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Published Feb 18, 2022

CVE-2021-45960

libexpat_project / libexpat+11

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Published Jan 1, 2022

CVE-2022-22825

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22827

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22826

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

libexpat_project / libexpat+10

CVE-2021-46143

HIGH8.1

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Published Jan 6, 2022

CVE-2022-40674

HIGH8.1

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Published Sep 14, 2022

CVE-2022-25314

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Published Feb 18, 2022

CVE-2022-43680

libexpat_project / libexpat+14

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Published Oct 24, 2022

CVE-2024-45490

libexpat_project / libexpat

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Published Aug 30, 2024

CVE-2018-20843

libexpat_project / libexpat+18

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Published Jun 24, 2019

CVE-2022-23990

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.