Known Vulnerabilities for Libexpat by Libexpat Project
Listed below are 10 of the newest known vulnerabilities associated with "Libexpat" by "Libexpat Project".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41080 json | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | Not Provided | 2026-04-16 | 2026-04-18 |
| CVE-2022-43680 json | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityPar... | 7.5 - HIGH | 2022-10-24 | 2024-01-21 |
| CVE-2022-40674 json | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 - HIGH | 2022-09-14 | 2023-11-07 |
| CVE-2022-25315 json | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 9.8 - CRITICAL | 2022-02-18 | 2023-11-07 |
| CVE-2022-25314 json | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | 7.5 - HIGH | 2022-02-18 | 2023-11-07 |
| CVE-2022-25313 json | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in th... | 6.5 - MEDIUM | 2022-02-18 | 2023-11-07 |
| CVE-2022-25236 json | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs... | 9.8 - CRITICAL | 2022-02-16 | 2023-11-07 |
| CVE-2022-25235 json | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 c... | 9.8 - CRITICAL | 2022-02-16 | 2023-11-07 |
| CVE-2022-23990 json | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 - HIGH | 2022-01-26 | 2023-11-07 |
| CVE-2022-23852 json | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTE... | 9.8 - CRITICAL | 2022-01-24 | 2022-10-29 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Libexpat Project | Libexpat | 2.2.9 | |||
| Application | Libexpat Project | Libexpat | 2.2.8 | |||
| Application | Libexpat Project | Libexpat | 2.2.7 | |||
| Application | Libexpat Project | Libexpat | 2.2.6 | |||
| Application | Libexpat Project | Libexpat | 2.2.5 | |||
| Application | Libexpat Project | Libexpat | 2.2.4 | |||
| Application | Libexpat Project | Libexpat | 2.2.3 | |||
| Application | Libexpat Project | Libexpat | 2.2.2 | |||
| Application | Libexpat Project | Libexpat | 2.2.10 | |||
| Application | Libexpat Project | Libexpat | 2.2.1 | |||
| Application | Libexpat Project | Libexpat | 2.2.0 | |||
| Application | Libexpat Project | Libexpat | 2.1.1 | |||
| Application | Libexpat Project | Libexpat | 2.1.0 | |||
| Application | Libexpat Project | Libexpat | 2.0.1 | |||
| Application | Libexpat Project | Libexpat | 2.0.0 | |||
| Application | Libexpat Project | Libexpat | 1.95.8 | |||
| Application | Libexpat Project | Libexpat | 1.95.7 | |||
| Application | Libexpat Project | Libexpat | 1.95.6 | |||
| Application | Libexpat Project | Libexpat | 1.95.5 | |||
| Application | Libexpat Project | Libexpat | 1.95.4 |