Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libexpat project libexpat vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-9233
XML External Entity vulnerability in libexpat 2.2.0 and previous versions (Expat XML Parser Library) allows malicious users to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
Libexpat Project Libexpat
Python Python
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
445
VMScore
CVE-2012-1148
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat prior to 2.1.0 allows context-dependent malicious users to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expandi...
Libexpat Project Libexpat 2.0.0
Libexpat Project Libexpat 1.95.8
Libexpat Project Libexpat
Libexpat Project Libexpat 1.95.5
Libexpat Project Libexpat 1.95.4
Libexpat Project Libexpat 1.95.7
Libexpat Project Libexpat 1.95.6
Libexpat Project Libexpat 1.95.2
Libexpat Project Libexpat 1.95.1
Apple Mac Os X
383
VMScore
CVE-2022-25313
In Expat (aka libexpat) prior to 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Oracle Http Server 12.2.1.3.0
Oracle Http Server 12.2.1.4.0
Oracle Zfs Storage Appliance Kit 8.8
Siemens Sinema Remote Connect Server
1 Github repository
383
VMScore
CVE-2012-6702
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent malicious users to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
Libexpat Project Libexpat
Google Android 5.0.2
Google Android 6.0.1
Google Android 6.0
Canonical Ubuntu Linux 12.04
Debian Debian Linux 8.0
Google Android 4.4.4
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Canonical Ubuntu Linux 14.04
Google Android 5.1.1
383
VMScore
CVE-2012-0876
The XML parser (xmlparse.c) in expat prior to 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent malicious users to cause a denial of service (CPU consumption) via an XML file with many identifiers wit...
Libexpat Project Libexpat
Python Python
Debian Debian Linux 7.0
Debian Debian Linux 6.0
Canonical Ubuntu Linux 11.04
Canonical Ubuntu Linux 11.10
Canonical Ubuntu Linux 8.04
Canonical Ubuntu Linux 10.04
Canonical Ubuntu Linux 12.04
Oracle Solaris 11.3
Redhat Enterprise Linux Server 5.0
Redhat Enterprise Linux Server Aus 6.2
Redhat Enterprise Linux Workstation 5.0
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
Redhat Enterprise Linux Desktop 5.0
Redhat Storage 2.0
Redhat Enterprise Linux Eus 6.2
383
VMScore
CVE-2012-1147
readfilemap.c in expat prior to 2.1.0 allows context-dependent malicious users to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
Apple Mac Os X 10.11.1
Apple Mac Os X 10.11.0
Libexpat Project Libexpat 2.0.0
Libexpat Project Libexpat 1.95.8
Libexpat Project Libexpat 1.95.7
Libexpat Project Libexpat 1.95.6
Libexpat Project Libexpat 1.95.5
Libexpat Project Libexpat 1.95.4
Libexpat Project Libexpat 1.95.2
Libexpat Project Libexpat 1.95.1
Libexpat Project Libexpat
NA
CVE-2023-52425
libexpat up to and including 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Libexpat Project Libexpat
6 Github repositories
NA
CVE-2023-52426
libexpat up to and including 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Libexpat Project Libexpat
5 Github repositories
NA
CVE-2022-43680
In libexpat up to and including 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp Oncommand Workflow Automation -
Netapp Solidfire \\& Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Hci Compute Node Firmware -
NA
CVE-2022-40674
libexpat prior to 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Libexpat Project Libexpat
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3