Known Vulnerabilities for products from Libexpat Project

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libexpat Project".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-23990 Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. 7.5 - HIGH 2022-01-26 2023-11-07
CVE-2022-23852 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTE... 9.8 - CRITICAL 2022-01-24 2022-10-29
CVE-2022-22827 storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22826 nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22825 lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 8.8 - HIGH 2022-01-10 2022-10-06
CVE-2022-22824 defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2022-22823 build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2022-22822 addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. 9.8 - CRITICAL 2022-01-10 2022-10-06
CVE-2019-15903 In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too earl... 7.5 - HIGH 2019-09-04 2023-11-07
CVE-2018-20843 In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML par... 7.5 - HIGH 2019-06-24 2023-11-07
CVE-2017-11742 The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users t... 7.8 - HIGH 2017-07-30 2017-08-09
CVE-2017-9233 XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser... 7.5 - HIGH 2017-07-25 2023-11-07
CVE-2016-5300 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to ... 7.5 - HIGH 2016-06-16 2023-11-07
CVE-2016-4472 The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to... 8.1 - HIGH 2016-06-30 2023-11-07
CVE-2016-0718 Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malfor... 9.8 - CRITICAL 2016-05-26 2023-02-12
CVE-2015-1283 Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89... 6.8 - MEDIUM 2015-07-23 2023-11-07
CVE-2013-0340 expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDec... 6.8 - MEDIUM 2014-01-21 2023-11-07
CVE-2012-6702 Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-depend... 5.9 - MEDIUM 2016-06-16 2023-11-07
CVE-2012-1148 Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to caus... 5 - MEDIUM 2012-07-03 2021-01-25
CVE-2012-1147 readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumpt... 4.3 - MEDIUM 2012-07-03 2021-01-25

Known software with vulnerabilities from Libexpat Project

Type Vendor Product Version
Application Libexpat Project Libexpat -