Vulnerabilities for 'Libexpat'
2022-02-18
CVE-2022-25313
CWE-400
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2022-25314
CWE-190
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVE-2022-25315
CWE-190
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
2022-02-16
CVE-2022-25235
CWE-116
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVE-2022-25236
CWE-668
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
2022-01-26
CVE-2022-23990
CWE-190
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
2022-01-24
CVE-2022-23852
CWE-190
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
2022-01-10
CVE-2022-22822
CWE-190
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22823
CWE-190
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVE-2022-22824
CWE-190
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Copyright 2024, cxsecurity.com