CPE Details
libexpat Project libexpat 1.95.0
1.95.0
2019-09-04
12h39 +00:00
12h39 +00:00
2019-09-04
12h39 +00:00
12h39 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
Informations
Vendor
libexpat_projectProduct
libexpatVersion
1.95.0Related CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
22h00 +00:00 |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | 9.8 |
Critical |
|
22h00 +00:00 |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 |
Critical |
|
22h00 +00:00 |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 |
Critical |
|
23h00 +00:00 |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 7.5 |
High |
|
23h00 +00:00 |
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 5.5 |
Medium |
|
22h00 +00:00 |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |
High |
|
22h00 +00:00 |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 |
High |
|
03h25 +00:00 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | 7.5 |
High |
|
03h24 +00:00 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 9.8 |
Critical |
|
03h23 +00:00 |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 |
Medium |
|
23h40 +00:00 |
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | 9.8 |
Critical |
|
23h39 +00:00 |
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | 9.8 |
Critical |
|
17h02 +00:00 |
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |
High |
|
00h06 +00:00 |
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | 9.8 |
Critical |
|
01h57 +00:00 |
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
Critical |
|
01h57 +00:00 |
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
Critical |
|
01h56 +00:00 |
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 9.8 |
Critical |
|
01h56 +00:00 |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 |
High |
|
01h56 +00:00 |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 |
High |
|
01h56 +00:00 |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 |
High |
|
02h48 +00:00 |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | 8.1 |
High |
|
17h47 +00:00 |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 |
High |
|
03h59 +00:00 |
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | 7.5 |
High |
|
14h06 +00:00 |
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | 7.5 |
High |
|
18h00 +00:00 |
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | 7.5 |
High |
|
15h00 +00:00 |
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. | 8.1 |
High |
|
16h00 +00:00 |
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | 5.9 |
Medium |
|
16h00 +00:00 |
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. | 7.5 |
High |
|
14h00 +00:00 |
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | 9.8 |
Critical |
|
22h00 +00:00 |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | 6.8 |
||
17h00 +00:00 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | 6.8 |
||
17h00 +00:00 |
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | 4.3 |
||
17h00 +00:00 |
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | 4.3 |
||
17h00 +00:00 |
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | 5 |
2025©
tesweb SA
