VYPR

Vendor CVEs

Libexpat Project

All CVEs

63 total · sorted by risk
  • CVE-2022-23990Jan 26, 2022
    risk 0.00cvss epss 0.04

    Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

  • CVE-2022-23852Jan 24, 2022
    risk 0.00cvss epss 0.05

    Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

  • CVE-2022-22822Jan 8, 2022
    risk 0.00cvss epss 0.05

    addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22823Jan 8, 2022
    risk 0.00cvss epss 0.03

    build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22824Jan 8, 2022
    risk 0.00cvss epss 0.03

    defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22825Jan 8, 2022
    risk 0.00cvss epss 0.03

    lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22826Jan 8, 2022
    risk 0.00cvss epss 0.03

    nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2022-22827Jan 8, 2022
    risk 0.00cvss epss 0.03

    storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

  • CVE-2021-46143Jan 6, 2022
    risk 0.00cvss epss 0.04

    In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.

  • CVE-2021-45960Jan 1, 2022
    risk 0.00cvss epss 0.04

    In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).

  • CVE-2012-1148Jul 3, 2012
    risk 0.00cvss epss 0.04

    Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding…

  • CVE-2012-1147Jul 3, 2012
    risk 0.00cvss epss 0.03

    readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

  • CVE-2012-0876Jul 3, 2012
    risk 0.00cvss epss 0.06

    The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the…

Page 2 of 2