VYPR

rpm package

almalinux/expat-devel

pkg:rpm/almalinux/expat-devel

Vulnerabilities (25)

  • CVE-2022-22825Jan 8, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22826Jan 8, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22827Jan 8, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2021-46143Jan 6, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

  • CVE-2021-45960Jan 1, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Page 2 of 2