Vulnerabilities > Libexpat Project

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-30	CVE-2024-45490	XXE vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. network low complexity libexpat-project CWE-611	7.5
2024-08-30	CVE-2024-45491	Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. network low complexity libexpat-project CWE-190 critical	9.8
2024-08-30	CVE-2024-45492	Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. network low complexity libexpat-project CWE-190 critical	9.8
2024-02-04	CVE-2023-52425	Resource Exhaustion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. network low complexity libexpat-project CWE-400	7.5
2024-02-04	CVE-2023-52426	XML Entity Expansion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. local low complexity libexpat-project CWE-776	5.5
2022-10-24	CVE-2022-43680	Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. network low complexity libexpat-project debian fedoraproject netapp CWE-416	7.5
2022-09-14	CVE-2022-40674	Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. network high complexity libexpat-project debian fedoraproject CWE-416	8.1
2022-02-18	CVE-2022-25313	Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-674	6.5
2022-02-18	CVE-2022-25314	Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-190	7.5
2022-02-18	CVE-2022-25315	Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. network low complexity libexpat-project debian fedoraproject oracle siemens CWE-190 critical	9.8

Vulnerabilities > Libexpat Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Libexpat Project"}]}

Vulnerabilities > Libexpat Project