libexpat Project libexpat 2.4.3

CPE Details

libexpat Project libexpat 2.4.3
libexpat_project
libexpat
2.4.3
2022-01-12
21h07 +00:00
2022-04-05
10h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libexpat_project:libexpat:2.4.3:*:*:*:*:*:*:*

Informations

Vendor

libexpat_project

Product

libexpat

Version

2.4.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-45490 2024-08-30 00h00 +00:00 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
9.8
Critical
CVE-2024-45491 2024-08-29 22h00 +00:00 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
9.8
Critical
CVE-2024-45492 2024-08-29 22h00 +00:00 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
9.8
Critical
CVE-2024-28757 2024-03-10 00h00 +00:00 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
7.5
High
CVE-2023-52425 2024-02-03 23h00 +00:00 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
7.5
High
CVE-2023-52426 2024-02-03 23h00 +00:00 libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
5.5
Medium
CVE-2022-43680 2022-10-23 22h00 +00:00 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
7.5
High
CVE-2022-40674 2022-09-13 22h00 +00:00 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
8.1
High
CVE-2022-25314 2022-02-18 03h25 +00:00 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
7.5
High
CVE-2022-25315 2022-02-18 03h24 +00:00 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
9.8
Critical
CVE-2022-25313 2022-02-18 03h23 +00:00 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
6.5
Medium
CVE-2022-25235 2022-02-15 23h40 +00:00 xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
9.8
Critical
CVE-2022-25236 2022-02-15 23h39 +00:00 xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
9.8
Critical
CVE-2022-23990 2022-01-26 17h02 +00:00 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
7.5
High
CVE-2022-23852 2022-01-24 00h06 +00:00 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
9.8
Critical