libexpat Project libexpat 2.4.8

CPE Details

2022-12-21 14h35 +00:00
2022-12-21 14h36 +00:00

CPE Name: cpe:2.3:a:libexpat_project:libexpat:2.4.8:*:*:*:*:*:*:*

Information

Vendor: libexpat_project

Product: libexpat

Version: 2.4.8

Related CVE


| CVE ID | Published | Description | Score | Severity |
| --- | --- | --- | --- | --- |
| CVE-2024-45490 | 2024-08-30 00h00 +00:00 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | 9.8 | Critical |
| CVE-2024-45491 | 2024-08-29 22h00 +00:00 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | Critical |
| CVE-2024-45492 | 2024-08-29 22h00 +00:00 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | 9.8 | Critical |
| CVE-2024-28757 | 2024-03-10 00h00 +00:00 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 7.5 | High |
| CVE-2023-52425 | 2024-02-03 23h00 +00:00 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 7.5 | High |
| CVE-2023-52426 | 2024-02-03 23h00 +00:00 | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 5.5 | Medium |
| CVE-2022-43680 | 2022-10-23 22h00 +00:00 | In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 | High |
| CVE-2022-40674 | 2022-09-13 22h00 +00:00 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 | High |