Libexpat Project: >> Libexpat >> 2.0.0 Security Vulnerabilities
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVSS Score
9.8
EPSS Score
0.012
Published
2024-08-30
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS Score
7.5
EPSS Score
0.009
Published
2024-03-10
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVSS Score
7.5
EPSS Score
0.016
Published
2024-02-04
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-02-04
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-10-24
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVSS Score
8.1
EPSS Score
0.011
Published
2022-09-14
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-18
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS Score
9.8
EPSS Score
0.077
Published
2022-02-18
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS Score
9.8
EPSS Score
0.133
Published
2022-02-16