Vulnerabilities > Libexpat Project > Libexpat > 2.2.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-10 | CVE-2022-22827 | Integer Overflow or Wraparound vulnerability in multiple products storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | 8.8 |
2022-01-06 | CVE-2021-46143 | Integer Overflow or Wraparound vulnerability in multiple products In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. | 7.8 |
2022-01-01 | CVE-2021-45960 | Incorrect Calculation vulnerability in multiple products In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 |
2019-09-04 | CVE-2019-15903 | XML Entity Expansion vulnerability in multiple products In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read. | 7.5 |
2019-06-24 | CVE-2018-20843 | XXE vulnerability in multiple products In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). network low complexity libexpat-project canonical debian fedoraproject opensuse oracle tenable CWE-611 | 7.5 |
2017-07-30 | CVE-2017-11742 | Untrusted Search Path vulnerability in Libexpat Project Libexpat 2.2.1/2.2.2 The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | 7.8 |