Known Vulnerabilities for products from Libexpat Project

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libexpat Project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-43680 json In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityPar... 7.5 - HIGH 2022-10-24 2024-01-21
CVE-2022-40674 json libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. 8.1 - HIGH 2022-09-14 2023-11-07
CVE-2022-25315 json In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. 9.8 - CRITICAL 2022-02-18 2023-11-07
CVE-2022-25314 json In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. 7.5 - HIGH 2022-02-18 2023-11-07
CVE-2022-25313 json In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in th... 6.5 - MEDIUM 2022-02-18 2023-11-07
CVE-2022-25236 json xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs... 9.8 - CRITICAL 2022-02-16 2023-11-07
CVE-2022-25235 json xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 c... 9.8 - CRITICAL 2022-02-16 2023-11-07
CVE-2022-23990 json Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. 7.5 - HIGH 2022-01-26 2023-11-07
CVE-2022-23852 json Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTE... 9.8 - CRITICAL 2022-01-24 2022-10-29
CVE-2022-22827 json storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22826 json nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22825 json lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22824 json defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2022-22823 json build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2022-22822 json addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2021-46143 json In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. 7.8 - HIGH 2022-01-06 2022-10-06
CVE-2021-45960 json In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to... 8.8 - HIGH 2022-01-01 2022-10-06
CVE-2019-15903 json In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too earl... 7.5 - HIGH 2019-09-04 2023-11-07
CVE-2018-20843 json In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML par... 7.5 - HIGH 2019-06-24 2023-11-07
CVE-2017-11742 json The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users t... 7.8 - HIGH 2017-07-30 2017-08-09
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Libexpat Project

Type Vendor Product Version
ApplicationLibexpat ProjectLibexpat-