Vulnerabilities > Libexpat Project > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-45491 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2024-08-30 CVE-2024-45492 Integer Overflow or Wraparound vulnerability in Libexpat Project Libexpat
An issue was discovered in libexpat before 2.6.3.
network
low complexity
libexpat-project CWE-190
critical
 9.8
9.8
2022-02-18 CVE-2022-25315 Integer Overflow or Wraparound vulnerability in multiple products
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-190
critical
 9.8
9.8
2022-02-16 CVE-2022-25235 Improper Encoding or Escaping of Output vulnerability in multiple products
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
network
low complexity
libexpat-project debian fedoraproject oracle siemens CWE-116
critical
 9.8
9.8
2022-02-16 CVE-2022-25236 Exposure of Resource to Wrong Sphere vulnerability in multiple products
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
network
low complexity
libexpat-project debian oracle siemens CWE-668
critical
 9.8
9.8
2022-01-24 CVE-2022-23852 Integer Overflow or Wraparound vulnerability in multiple products
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
network
low complexity
libexpat-project netapp tenable debian oracle siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22822 Integer Overflow or Wraparound vulnerability in multiple products
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable siemens debian CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22823 Integer Overflow or Wraparound vulnerability in multiple products
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2022-01-10 CVE-2022-22824 Integer Overflow or Wraparound vulnerability in multiple products
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
network
low complexity
libexpat-project tenable debian siemens CWE-190
critical
 9.8
9.8
2016-05-26 CVE-2016-0718 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. 		9.8
9.8