RSS   Podatności dla 'Libexpat'   RSS

2022-02-18
 
CVE-2022-25313

CWE-400
 

 
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

 
 
CVE-2022-25314

CWE-190
 

 
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

 
 
CVE-2022-25315

CWE-190
 

 
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

 
2022-02-16
 
CVE-2022-25235

CWE-116
 

 
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

 
 
CVE-2022-25236

CWE-668
 

 
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

 
2022-01-26
 
CVE-2022-23990

CWE-190
 

 
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

 
2022-01-24
 
CVE-2022-23852

CWE-190
 

 
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

 
2022-01-10
 
CVE-2022-22822

CWE-190
 

 
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22823

CWE-190
 

 
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 
 
CVE-2022-22824

CWE-190
 

 
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

 


Copyright 2024, cxsecurity.com

 

Back to Top