CVE-2024-45491
Description
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Integer overflow in libexpat's dtdCopy on 32-bit systems allows heap corruption, leading to remote code execution or denial of service.
Vulnerability
Details
An integer overflow vulnerability exists in libexpat's dtdCopy function within xmlparse.c, affecting versions prior to 2.6.3. The flaw occurs when calculating memory allocation for default attributes (nDefaultAtts). On 32-bit platforms where UINT_MAX equals SIZE_MAX, the multiplication can overflow, leading to an undersized heap buffer allocation [3][4].
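The size calculation described above, as an added example that is not libexpat's code: it models a 32-bit size_t with uint32_t and shows the wrapped allocation size next to a checked version that rejects the count before multiplying. The 12-byte record size and all function names are assumptions made for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record size; an assumption, not libexpat's real layout. */
#define ATTR_SIZE 12u

/* Models size_t on a 32-bit platform, where SIZE_MAX == UINT_MAX. */
typedef uint32_t size32_t;

/* Unchecked sizing: the product wraps modulo 2^32 for large counts. */
static size32_t alloc_size_unchecked(int count) {
    return (size32_t)((size32_t)count * ATTR_SIZE);
}

/* Checked sizing: 0 and *out set on success, -1 if the count is negative
 * or count * ATTR_SIZE would not fit in 32 bits. */
static int alloc_size_checked(int count, size32_t *out) {
    if (count < 0)
        return -1;
    if ((size32_t)count > UINT32_MAX / ATTR_SIZE)
        return -1;
    *out = (size32_t)((size32_t)count * ATTR_SIZE);
    return 0;
}

/* Bytes a copy loop over `count` records would touch, computed in 64 bits
 * so the true figure can be compared with the wrapped allocation size. */
static uint64_t bytes_written(int count) {
    return (uint64_t)count * ATTR_SIZE;
}

int main(void) {
    /* Constructed sample counts around the 32-bit boundary. */
    int counts[] = {1000, 357913941, 357913942, 400000000};
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        size32_t ok = 0;
        int rc = alloc_size_checked(counts[i], &ok);
        printf("count=%d allocated=%" PRIu32 " needed=%" PRIu64 " checked=%s\n",
               counts[i], alloc_size_unchecked(counts[i]),
               bytes_written(counts[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The first count above the boundary yields an 8-byte allocation for roughly 4 GiB of records, which is the undersized buffer the description refers to.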
Exploitation
An attacker can trigger the overflow by crafting a malicious XML document that supplies a large number of default attribute definitions, causing nDefaultAtts to exceed UINT_MAX. No authentication is required; the attack is network-based and can be delivered through any application that parses untrusted XML with expat. The CVSS v3.1 score is 9.8, reflecting the low complexity and no privileges required [1].
Impact
Successful exploitation results in heap corruption, which can be leveraged to execute arbitrary code or cause a denial of service. The vulnerability is especially dangerous in embedded and industrial control systems (e.g., Siemens SIMATIC S7-1500 family) where expat is used to parse configuration or communication data [1][2].
Mitigation
The issue is fixed in libexpat 2.6.3 [3]. Users are advised to update immediately. Siemens has released product-specific advisories (SSA-082556) for affected devices [1]. No public exploit code is known at the time of publication.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- libexpat/libexpat (description)
- osv-coords (42 versions):
- pkg:rpm/almalinux/expat (no CPE) range: < 2.5.0-2.el9_4.1
- pkg:rpm/almalinux/expat-devel (no CPE) range: < 2.5.0-2.el9_4.1
- pkg:rpm/almalinux/xmlrpc-c (no CPE) range: < 1.51.0-10.el8_10
- pkg:rpm/almalinux/xmlrpc-c-c%2B%2B (no CPE) range: < 1.51.0-10.el8_10
- pkg:rpm/almalinux/xmlrpc-c-client (no CPE) range: < 1.51.0-10.el8_10
- pkg:rpm/almalinux/xmlrpc-c-client%2B%2B (no CPE) range: < 1.51.0-10.el8_10
- pkg:rpm/almalinux/xmlrpc-c-devel (no CPE) range: < 1.51.0-10.el8_10
- pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.5 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%20Micro%205.5 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed (no CPE) range: < 2.6.3-1.1
- pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 115.4.0-150600.3.3.1
- pkg:rpm/opensuse/mozjs115&distro=openSUSE%20Tumbleweed (no CPE) range: < 115.4.0-5.1
- pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweed (no CPE) range: < 128.2.0-2.1
- pkg:rpm/opensuse/mozjs52&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 52.6.0-150000.3.9.1
- pkg:rpm/opensuse/mozjs60&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.5 (no CPE) range: < 78.15.0-150400.3.6.2
- pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Leap%2015.6 (no CPE) range: < 78.15.0-150400.3.6.2
- pkg:rpm/opensuse/mozjs78&distro=openSUSE%20Tumbleweed (no CPE) range: < 78.15.0-5.1
- pkg:rpm/opensuse/x3270&distro=openSUSE%20Tumbleweed (no CPE) range: < 4.3-4.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.1 (no CPE) range: < 2.2.5-150000.3.30.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE) range: < 2.2.5-150000.3.30.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE) range: < 2.4.4-150400.3.22.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE) range: < 2.1.0-21.37.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE) range: < 2.1.0-21.37.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE) range: < 2.1.0-21.37.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0 (no CPE) range: < 2.5.0-3.1
- pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1 (no CPE) range: < 2.7.1-slfo.1.1_1.1
- pkg:rpm/suse/mozjs115&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP6 (no CPE) range: < 115.4.0-150600.3.3.1
- pkg:rpm/suse/mozjs52&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7 (no CPE) range: < 52.6.0-150000.3.9.1
- pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/suse/mozjs60&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7 (no CPE) range: < 60.9.0-150200.6.8.1
- pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP5 (no CPE) range: < 78.15.0-150400.3.6.2
- pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 (no CPE) range: < 78.15.0-150400.3.6.2
- pkg:rpm/suse/mozjs78&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 (no CPE) range: < 78.15.0-150400.3.6.2
References
- github.com/libexpat/libexpat/pull/891 (nvd; Patch)
- github.com/libexpat/libexpat/issues/888 (nvd; Issue Tracking)
- cert-portal.siemens.com/productcert/html/ssa-082556.html (nvd)
- cert-portal.siemens.com/productcert/html/ssa-613116.html (nvd)
- lists.debian.org/debian-lts-announce/2024/09/msg00036.html (nvd)
- security.netapp.com/advisory/ntap-20241018-0003/ (nvd)