Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-15903

Published: 04/09/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Libexpat Project

Vulnerability Summary

In libexpat prior to 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libexpat project libexpat

python python

Vendor Advisories

Debian CVElist Bug Report Logs: expat: CVE-2019-15903
Debian Bug report logs - #939394 expat: CVE-2019-15903 Package: src:expat; Maintainer for src:expat is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 4 Sep 2019 13:03:01 UTC Severity: important Tags: security, upstream Found in version expat/227-1 Fo ...
Debian Security Advisories: DSA-4530-1 expat -- security update
It was discovered that Expat, an XML parsing C library, did not properly handled internal entities closing the doctype, potentially resulting in denial of service or information disclosure if a malformed XML file is processed For the oldstable distribution (stretch), this problem has been fixed in version 220-2+deb9u3 For the stable distributio ...
Debian Security Advisories: DSA-4549-1 firefox-esr -- security update
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service Debian follows the extended support releases (ESR) of Firefox Support for the 60x series has ended, so starting with this update we're no ...
Debian Security Advisories: DSA-4571-1 thunderbird -- security update
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or denial of service Debian follows the Thunderbird upstream releases Support for the 60x series has ended, so starting with this update we're now following the 68x releases For the oldstable distribution (stretch), this pr ...
Ubuntu Security Notice: thunderbird regression
USN-4202-1 caused a regression in Thunderbird ...
Ubuntu Security Notice: firefox vulnerabilities
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Ubuntu Security Notice: expat vulnerability
Expat could be made to expose sensitive information if it received a specially crafted XML file ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Ubuntu Security Notice: expat vulnerability
Expat could be made to expose sensitive information if it received a specially crafted XML file ...
Ubuntu Security Notice: thunderbird vulnerabilities
Several security issues were fixed in Thunderbird ...
Amazon Linux AMI: ALAS-2021-1459
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service (CVE-2018-20843) In libexpat before 228, crafted XML in ...
Amazon Linux 2: ALAS2-2020-1513
It was discovered that the "setElementTypePrefix()" function incorrectly extracted XML namespace prefixes By tricking an application into processing a specially crafted XML file, an attacker could cause unusually high consumption of memory resources and possibly lead to a denial of service (CVE-2018-20843) In libexpat before 228, crafted XML in ...
Amazon Linux 2: ALAS2-2019-1376
Several memory safety bugs were discovered in Mozilla Firefox and Thunderbird Memory corruption and arbitrary code execution are possible with these vulnerabilities These bugs can be exploited over the network(CVE-2019-11764) A flaw was discovered in both Firefox and Thunderbird where 4 bytes of a HMAC output could be written past the end of a b ...
Red Hat: Moderate: expat security update
Synopsis Moderate: expat security update Type/Severity Security Advisory: Moderate Topic An update for expat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Moderate: expat security update
Synopsis Moderate: expat security update Type/Severity Security Advisory: Moderate Topic An update for expat is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which ...
Red Hat: Important: thunderbird security update
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update
Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Core Services Pack Apache Server 2437 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is availableRed Hat Product Security has r ...
Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update
Synopsis Important: Red Hat JBoss Core Services Apache HTTP Server 2437 SP3 security update Type/Severity Security Advisory: Important Topic Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2437 and fix several bugs, and add various enhancements are now available for Red Hat ...
Red Hat: Moderate: Release of OpenShift Serverless 1.11.0
Synopsis Moderate: Release of OpenShift Serverless 1110 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1110 Description Red Hat OpenShift Serverless 1110 is a generally available release of theOpenShift Serverless Operator This version of the OpenShif ...
Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Red Hat: Moderate: Release of OpenShift Serverless 1.12.0
Synopsis Moderate: Release of OpenShift Serverless 1120 Type/Severity Security Advisory: Moderate Topic Release of OpenShift Serverless 1120Red Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score,which gives a detaile ...
Red Hat: Moderate: Red Hat Quay v3.3.3 bug fix and security update
Synopsis Moderate: Red Hat Quay v333 bug fix and security update Type/Severity Security Advisory: Moderate Topic Red Hat Quay v333 is now available with bug fixes and security updatesRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring S ...
Red Hat: Moderate: OpenShift Container Platform 4.6 compliance-operator security and bug fix update
Synopsis Moderate: OpenShift Container Platform 46 compliance-operator security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for compliance-content-container, ose-compliance-openscap-container, ose-compliance-operator-container, and ose-compliance-operator-metadata-container ...
Red Hat: Moderate: OpenShift Container Platform 4.10.3 security update
Synopsis Moderate: OpenShift Container Platform 4103 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4103 is now available withupdates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update
Synopsis Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ha ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Red Hat: CVE-2019-15903
Impact: Moderate Public Date: 2019-09-04 CWE: (CWE-122|CWE-125) Bugzilla: 1752592: CVE-2019-15903 expat ...
Arch Linux Issues:
Severity Unknown Remote Unknown Type Unknown Description AVG-1053 chromium 7703865120-1 780390470-1 Unknown Fixed ...
Mozilla: Security vulnerabilities fixed in - Firefox 70
Mozilla Foundation Security Advisory 2019-34 Security vulnerabilities fixed in - Firefox 70 Announced October 22, 2019 Impact critical Products Firefox Fixed in Firefox 70 ...
Mozilla: Security vulnerabilities fixed in - Firefox ESR 68.2
Mozilla Foundation Security Advisory 2019-33 Security vulnerabilities fixed in - Firefox ESR 682 Announced October 22, 2019 Impact critical Products Firefox ESR Fixed in Firefox ESR 682 ...
Mozilla: Security vulnerabilities fixed in - Thunderbird 68.2
Mozilla Foundation Security Advisory 2019-35 Security vulnerabilities fixed in - Thunderbird 682 Announced October 22, 2019 Impact critical Products Thunderbird Fixed in Thunderbird 682 ...
Google Chrome: Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 78 to the stable channel for Windows, Mac and Linux This will roll out over the coming days/weeks Chrome 780390470 contains a number of fixes and improvements -- a list of changes is available in the log Watch out for upcoming Chrome and Chromium blog po ...
Tenable Security Advisories: [R1] Nessus 8.15.0 Fixes Multiple Vulnerabilities
Nessus versions 8140 and earlier for Windows were found to contain multiple local privilege escalation vulnerabilities which could allow an authenticated, local administrator to run specific Windows executables as the Nessus host Additionally, two third-party components (expat, sqlite) were found to contain vulnerabilities, and updated versions ...

ICS Advisories

https://ics-cert.us-cert.gov/advisories/fd87a3fc00e025fdc5034360097d2bdf
Critical Infrastructure Sectors: Critical Manufacturing

Mailing Lists

Full Disclosure: APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-12-10-1 iOS 133 and iPadOS 133 <!--X-Subject-Header-End--> <!--X-Head-of-Message--> From: Apple Prod ...
Full Disclosure: APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
<!--X-Body-Begin--> <!--X-User-Header--> Full Disclosure mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> APPLE-SA-2019-12-10-3 macOS Catalina 10152, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra <! ...

References

CWE-125CWE-776https://github.com/libexpat/libexpat/pull/318https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43https://github.com/libexpat/libexpat/issues/317https://usn.ubuntu.com/4132-1/https://github.com/libexpat/libexpat/issues/342https://seclists.org/bugtraq/2019/Sep/30http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.htmlhttps://usn.ubuntu.com/4132-2/https://www.debian.org/security/2019/dsa-4530https://seclists.org/bugtraq/2019/Sep/37https://security.netapp.com/advisory/ntap-20190926-0004/http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.htmlhttps://seclists.org/bugtraq/2019/Oct/29http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.htmlhttp://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.htmlhttps://usn.ubuntu.com/4165-1/https://www.debian.org/security/2019/dsa-4549https://access.redhat.com/errata/RHSA-2019:3237https://access.redhat.com/errata/RHSA-2019:3210https://seclists.org/bugtraq/2019/Nov/1http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.htmlhttps://access.redhat.com/errata/RHSA-2019:3756http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.htmlhttps://lists.debian.org/debian-lts-announce/2019/11/msg00006.htmlhttps://seclists.org/bugtraq/2019/Nov/24https://www.debian.org/security/2019/dsa-4571https://lists.debian.org/debian-lts-announce/2019/11/msg00017.htmlhttps://security.gentoo.org/glsa/201911-08https://usn.ubuntu.com/4202-1/https://support.apple.com/kb/HT210788https://support.apple.com/kb/HT210785https://support.apple.com/kb/HT210790https://support.apple.com/kb/HT210789https://seclists.org/bugtraq/2019/Dec/21https://seclists.org/bugtraq/2019/Dec/23https://seclists.org/bugtraq/2019/Dec/17https://support.apple.com/kb/HT210793https://support.apple.com/kb/HT210795https://support.apple.com/kb/HT210794http://seclists.org/fulldisclosure/2019/Dec/23http://seclists.org/fulldisclosure/2019/Dec/26http://seclists.org/fulldisclosure/2019/Dec/27http://seclists.org/fulldisclosure/2019/Dec/30http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.htmlhttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://usn.ubuntu.com/4335-1/https://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.tenable.com/security/tns-2021-11https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=939394https://nvd.nist.govhttps://usn.ubuntu.com/4202-2/https://www.cisa.gov/news-events/ics-advisories/icsa-23-348-10https://www.debian.org/security/2019/dsa-4530
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-38028CVE-2024-32406CVE-2024-25624IMAPCVE-2024-2310CVE-2024-0874CVE-2024-20359XXEremote code execution
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook