rpm package
almalinux/expat-devel
pkg:rpm/almalinux/expat-devel
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-45186 | Low | 2.9 | < 2.7.3-1.el10_2.1 | 2.7.3-1.el10_2.1 | May 10, 2026 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | |
| CVE-2025-59375 | Hig | 7.5 | < 2.7.1-1.el10_0.3 | 2.7.1-1.el10_0.3 | Sep 15, 2025 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | |
| CVE-2024-8176 | Hig | 7.5 | < 2.5.0-3.el9_5.3 | 2.5.0-3.el9_5.3 | Mar 14, 2025 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c | |
| CVE-2024-50602 | Med | 5.9 | < 2.2.5-16.el8_10 | 2.2.5-16.el8_10 | Oct 27, 2024 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | |
| CVE-2024-45492 | Cri | 9.8 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45491 | Cri | 9.8 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45490 | Hig | 7.5 | < 2.5.0-2.el9_4.1 | 2.5.0-2.el9_4.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | |
| CVE-2024-28757 | Hig | 7.5 | < 2.5.0-1.el9_3.1 | 2.5.0-1.el9_3.1 | Mar 10, 2024 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | |
| CVE-2023-52425 | Hig | 7.5 | < 2.5.0-1.el9_3.1 | 2.5.0-1.el9_3.1 | Feb 4, 2024 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | |
| CVE-2022-43680 | Hig | 7.5 | < 2.2.5-10.el8_7.1 | 2.2.5-10.el8_7.1 | Oct 24, 2022 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | |
| CVE-2022-40674 | Hig | 8.1 | < 2.2.10-12.el9_0.3 | 2.2.10-12.el9_0.3 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | |
| CVE-2022-25315 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | |
| CVE-2022-25314 | Hig | 7.5 | < 2.2.10-12.el9_0.2 | 2.2.10-12.el9_0.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | |
| CVE-2022-25313 | Med | 6.5 | < 2.2.10-12.el9_0.2 | 2.2.10-12.el9_0.2 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | |
| CVE-2022-25236 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 16, 2022 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | |
| CVE-2022-25235 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | |
| CVE-2022-23852 | Cri | 9.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 24, 2022 | Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES. | |
| CVE-2022-22827 | Hig | 8.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |
| CVE-2022-22826 | Hig | 8.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. | |
| CVE-2022-22825 | Hig | 8.8 | < 2.2.5-8.el8_6.2 | 2.2.5-8.el8_6.2 | Jan 10, 2022 | lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
- affected < 2.7.3-1.el10_2.1fixed 2.7.3-1.el10_2.1
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
- affected < 2.7.1-1.el10_0.3fixed 2.7.1-1.el10_0.3
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
- affected < 2.5.0-3.el9_5.3fixed 2.5.0-3.el9_5.3
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
- affected < 2.2.5-16.el8_10fixed 2.2.5-16.el8_10
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.5.0-2.el9_4.1fixed 2.5.0-2.el9_4.1
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
- affected < 2.5.0-1.el9_3.1fixed 2.5.0-1.el9_3.1
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
- affected < 2.5.0-1.el9_3.1fixed 2.5.0-1.el9_3.1
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
- affected < 2.2.5-10.el8_7.1fixed 2.2.5-10.el8_7.1
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- affected < 2.2.10-12.el9_0.3fixed 2.2.10-12.el9_0.3
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- affected < 2.2.10-12.el9_0.2fixed 2.2.10-12.el9_0.2
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
- affected < 2.2.10-12.el9_0.2fixed 2.2.10-12.el9_0.2
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
- affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Page 1 of 2