VYPR

rpm package

almalinux/expat

pkg:rpm/almalinux/expat

Vulnerabilities (25)

  • CVE-2022-22824CriJan 10, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22823CriJan 10, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22822CriJan 10, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2021-46143HigJan 6, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

  • CVE-2021-45960HigJan 1, 2022
    affected < 2.2.5-8.el8_6.2fixed 2.2.5-8.el8_6.2

    In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

Page 2 of 2