Libexpat Libexpatproject Libexpat

  1. Vendors
  2. Libexpatproject
  3. Libexpat
Do you want an email whenever new security vulnerabilities are reported in Libexpatproject Libexpat?

By the Year

In 2024 there have been 2 vulnerabilities in Libexpatproject Libexpat with an average score of 6.5 out of ten. Libexpat did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2024 as compared to last year.

Year Vulnerabilities Average Score
2024 2 6.50
2023 0 0.00
2022 17 8.75
2021 0 0.00
2020 0 0.00
2019 2 7.50
2018 0 0.00

It may take a day or so for new Libexpat vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libexpatproject Libexpat Security Vulnerabilities

libexpat through 2.5.0

CVE-2023-52425 7.5 - High - February 04, 2024

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.

Resource Exhaustion

libexpat through 2.5.0

CVE-2023-52426 5.5 - Medium - February 04, 2024

libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.

XEE

In libexpat through 2.4.9

CVE-2022-43680 7.5 - High - October 24, 2022

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Dangling pointer

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

CVE-2022-40674 8.1 - High - September 14, 2022

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Dangling pointer

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model

CVE-2022-25313 6.5 - Medium - February 18, 2022

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

Stack Exhaustion

In Expat (aka libexpat) before 2.4.5

CVE-2022-25314 7.5 - High - February 18, 2022

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

Integer Overflow or Wraparound

In Expat (aka libexpat) before 2.4.5

CVE-2022-25315 9.8 - Critical - February 18, 2022

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

Integer Overflow or Wraparound

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding

CVE-2022-25235 9.8 - Critical - February 16, 2022

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Output Sanitization

xmlparse.c in Expat (aka libexpat) before 2.4.5

CVE-2022-25236 9.8 - Critical - February 16, 2022

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

Exposure of Resource to Wrong Sphere

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

CVE-2022-23990 7.5 - High - January 26, 2022

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Integer Overflow or Wraparound

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer

CVE-2022-23852 9.8 - Critical - January 24, 2022

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

Integer Overflow or Wraparound

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22823 9.8 - Critical - January 10, 2022

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22825 8.8 - High - January 10, 2022

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22826 8.8 - High - January 10, 2022

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22827 8.8 - High - January 10, 2022

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22822 9.8 - Critical - January 10, 2022

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

CVE-2022-22824 9.8 - Critical - January 10, 2022

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

Integer Overflow or Wraparound

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3

CVE-2021-46143 7.8 - High - January 06, 2022

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

Integer Overflow or Wraparound

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c

CVE-2021-45960 8.8 - High - January 01, 2022

In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Incorrect Calculation

In libexpat before 2.2.8, crafted XML input could fool the parser into changing

CVE-2019-15903 7.5 - High - September 04, 2019

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Out-of-bounds Read

In libexpat in Expat before 2.2.7, XML input including XML names

CVE-2018-20843 7.5 - High - June 24, 2019

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

XXE

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library)

CVE-2017-9233 7.5 - High - July 25, 2017

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

XXE

The overflow protection in Expat is removed by compilers with certain optimization settings, which

CVE-2016-4472 8.1 - High - June 30, 2016

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.

Buffer Overflow

The XML parser in Expat does not use sufficient entropy for hash initialization, which

CVE-2016-5300 7.5 - High - June 16, 2016

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876.

Resource Management Errors

Expat, when used in a parser

CVE-2012-6702 5.9 - Medium - June 16, 2016

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

Cryptographic Issues

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code

CVE-2016-0718 9.8 - Critical - May 26, 2016

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

Buffer Overflow

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products

CVE-2015-1283 - July 23, 2015

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716.

Integer Overflow or Wraparound

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which

CVE-2013-0340 - January 21, 2014

expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE.

XXE

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which

CVE-2012-0876 - July 03, 2012

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Resource Exhaustion

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files

CVE-2012-1148 - July 03, 2012

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities.

Resource Management Errors

readfilemap.c in expat before 2.1.0

CVE-2012-1147 - July 03, 2012

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

Improper Input Validation

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Apple Mac OSX or by Libexpatproject? Click the Watch button to subscribe.

Libexpatproject
Vendor

Libexpatproject Libexpat
Product

subscribe