Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Libexpat Project Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0340 3 Apple, Libexpat Project, Python 7 Ipados, Iphone Os, Macos and 4 more 2023-02-12 6.8 MEDIUM N/A
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.
CVE-2016-4472 4 Canonical, Libexpat Project, Mcafee and 1 more 4 Ubuntu Linux, Libexpat, Policy Auditor and 1 more 2023-02-12 6.8 MEDIUM 8.1 HIGH
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
CVE-2016-0718 9 Apple, Canonical, Debian and 6 more 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more 2023-02-12 7.5 HIGH 9.8 CRITICAL
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2022-40674 3 Debian, Fedoraproject, Libexpat Project 3 Debian Linux, Fedora, Libexpat 2023-02-01 N/A 8.1 HIGH
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-43680 4 Debian, Fedoraproject, Libexpat Project and 1 more 18 Debian Linux, Fedora, Libexpat and 15 more 2022-12-02 N/A 7.5 HIGH
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-23990 6 Debian, Fedoraproject, Libexpat Project and 3 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-31 5.0 MEDIUM 7.5 HIGH
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVE-2022-25235 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 7.5 HIGH 9.8 CRITICAL
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25313 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-07 4.3 MEDIUM 6.5 MEDIUM
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25236 4 Debian, Libexpat Project, Oracle and 1 more 5 Debian Linux, Libexpat, Http Server and 2 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVE-2021-46143 4 Libexpat Project, Netapp, Siemens and 1 more 8 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 5 more 2022-10-06 6.8 MEDIUM 7.8 HIGH
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-45960 5 Debian, Libexpat Project, Netapp and 2 more 8 Debian Linux, Libexpat, Active Iq Unified Manager and 5 more 2022-10-06 9.0 HIGH 8.8 HIGH
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2022-22822 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 7.5 HIGH 9.8 CRITICAL
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22825 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22827 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22826 4 Debian, Libexpat Project, Siemens and 1 more 4 Debian Linux, Libexpat, Sinema Remote Connect Server and 1 more 2022-10-06 6.8 MEDIUM 8.8 HIGH
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-25315 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 7.5 HIGH 9.8 CRITICAL
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVE-2022-25314 5 Debian, Fedoraproject, Libexpat Project and 2 more 6 Debian Linux, Fedora, Libexpat and 3 more 2022-10-05 5.0 MEDIUM 7.5 HIGH
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-23852 5 Debian, Libexpat Project, Netapp and 2 more 6 Debian Linux, Libexpat, Clustered Data Ontap and 3 more 2022-09-29 7.5 HIGH 9.8 CRITICAL
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.