Vulnerabilities > Libexpat Project > Libexpat > 2.2.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-04 | CVE-2023-52425 | Resource Exhaustion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 7.5 |
2024-02-04 | CVE-2023-52426 | XML Entity Expansion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 5.5 |
2022-10-24 | CVE-2022-43680 | Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |
2022-09-14 | CVE-2022-40674 | Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 |
2022-02-18 | CVE-2022-25313 | Uncontrolled Recursion vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | 6.5 |
2022-02-18 | CVE-2022-25314 | Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | 7.5 |
2022-02-18 | CVE-2022-25315 | Integer Overflow or Wraparound vulnerability in multiple products In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | 9.8 |
2022-02-16 | CVE-2022-25235 | Improper Encoding or Escaping of Output vulnerability in multiple products xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | 9.8 |
2022-02-16 | CVE-2022-25236 | Exposure of Resource to Wrong Sphere vulnerability in multiple products xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | 9.8 |
2022-01-26 | CVE-2022-23990 | Integer Overflow or Wraparound vulnerability in multiple products Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | 7.5 |