Vulnerabilities > Libexpat Project > Libexpat > 2.4.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-45490 | XXE vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. | 7.5 |
| 2024-08-30 | CVE-2024-45491 | Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. | 9.8 |
| 2024-08-30 | CVE-2024-45492 | Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat An issue was discovered in libexpat before 2.6.3. | 9.8 |
| 2024-03-10 | CVE-2024-28757 | XML Entity Expansion vulnerability in multiple products libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | 7.5 |
| 2024-02-04 | CVE-2023-52425 | Resource Exhaustion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | 7.5 |
| 2024-02-04 | CVE-2023-52426 | XML Entity Expansion vulnerability in Libexpat Project Libexpat libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | 5.5 |
| 2022-10-24 | CVE-2022-43680 | Use After Free vulnerability in multiple products In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | 7.5 |
| 2022-09-14 | CVE-2022-40674 | Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 |