VYPR

rpm package

opensuse/expat&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed

Vulnerabilities (49)

  • CVE-2016-0718CriMay 26, 2016
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2015-1283Jul 23, 2015
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted

  • CVE-2013-0340Jan 21, 2014
    affected < 2.4.1-1.2fixed 2.4.1-1.2

    expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read ar

  • CVE-2012-1148Jul 3, 2012
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entit

  • CVE-2012-1147Jul 3, 2012
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

  • CVE-2012-0876Jul 3, 2012
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the sa

  • CVE-2009-3560Dec 4, 2009
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, re

  • CVE-2009-3720Nov 3, 2009
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger

  • CVE-2009-2625Aug 6, 2009
    affected < 2.2.0-3.1fixed 2.2.0-3.1

    XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malfo

Page 3 of 3