rpm package
almalinux/mingw32-expat
pkg:rpm/almalinux/mingw32-expat
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59375 | Hig | 7.5 | < 2.5.0-1.el8_10 | 2.5.0-1.el8_10 | Sep 15, 2025 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | |
| CVE-2022-40674 | — | < 2.4.8-2.el8 | 2.4.8-2.el8 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | ||
| CVE-2022-25314 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. | ||
| CVE-2022-25315 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | ||
| CVE-2022-25313 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Feb 18, 2022 | In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. | ||
| CVE-2022-25235 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Feb 16, 2022 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | ||
| CVE-2022-25236 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Feb 16, 2022 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | ||
| CVE-2022-23990 | — | < 2.4.8-1.el8 | 2.4.8-1.el8 | Jan 26, 2022 | Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function. | ||
| CVE-2018-20843 | — | < 2.2.4-5.el8 | 2.2.4-5.el8 | Jun 24, 2019 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). |
- affected < 2.5.0-1.el8_10fixed 2.5.0-1.el8_10
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
- CVE-2022-40674Sep 14, 2022affected < 2.4.8-2.el8fixed 2.4.8-2.el8
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
- CVE-2022-25314Feb 18, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
- CVE-2022-25315Feb 18, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- CVE-2022-25313Feb 18, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
- CVE-2022-25235Feb 16, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
- CVE-2022-25236Feb 16, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
- CVE-2022-23990Jan 26, 2022affected < 2.4.8-1.el8fixed 2.4.8-1.el8
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
- CVE-2018-20843Jun 24, 2019affected < 2.2.4-5.el8fixed 2.2.4-5.el8
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).