Filtered by vendor Libexpat Project
Subscribe
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20843 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | |||||
| CVE-2017-9233 | 3 Debian, Libexpat Project, Python | 3 Debian Linux, Libexpat, Python | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD. | |||||
| CVE-2017-11742 | 2 Libexpat Project, Microsoft | 2 Libexpat, Windows | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking. | |||||
| CVE-2016-5300 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2026-06-17 | 7.8 HIGH | 7.5 HIGH |
| The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. | |||||
| CVE-2016-4472 | 4 Canonical, Libexpat Project, Mcafee and 1 more | 4 Ubuntu Linux, Libexpat, Policy Auditor and 1 more | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. | |||||
| CVE-2016-0718 | 9 Apple, Canonical, Debian and 6 more | 14 Mac Os X, Ubuntu Linux, Debian Linux and 11 more | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | |||||
| CVE-2015-1283 | 8 Canonical, Debian, Google and 5 more | 13 Ubuntu Linux, Debian Linux, Chrome and 10 more | 2026-06-17 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | |||||
| CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2026-06-16 | 6.8 MEDIUM | N/A |
| expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | |||||
| CVE-2012-6702 | 4 Canonical, Debian, Google and 1 more | 4 Ubuntu Linux, Debian Linux, Android and 1 more | 2026-06-16 | 4.3 MEDIUM | 5.9 MEDIUM |
| Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | |||||
| CVE-2012-1148 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2026-06-16 | 5.0 MEDIUM | N/A |
| Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | |||||
| CVE-2012-1147 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2026-06-16 | 4.3 MEDIUM | N/A |
| readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||||
| CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more | 2026-06-16 | 4.3 MEDIUM | N/A |
| The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | |||||
| CVE-2009-3720 | 4 A M Kuchling, Apache, Libexpat Project and 1 more | 4 Pyxml, Http Server, Libexpat and 1 more | 2026-06-16 | 5.0 MEDIUM | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | |||||
| CVE-2009-3560 | 3 Apache, Libexpat Project, Xmltwig | 3 Http Server, Libexpat, Xml-twig For Perl | 2026-06-16 | 5.0 MEDIUM | N/A |
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | |||||
| CVE-2026-41080 | 1 Libexpat Project | 1 Libexpat | 2026-06-12 | N/A | 2.9 LOW |
| libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | |||||
| CVE-2026-50219 | 1 Libexpat Project | 1 Libexpat | 2026-06-04 | N/A | 4.9 MEDIUM |
| libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | |||||
| CVE-2026-25210 | 1 Libexpat Project | 1 Libexpat | 2026-06-02 | N/A | 6.9 MEDIUM |
| In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | |||||
| CVE-2026-24515 | 1 Libexpat Project | 1 Libexpat | 2026-06-02 | N/A | 2.9 LOW |
| In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | |||||
| CVE-2025-66382 | 1 Libexpat Project | 1 Libexpat | 2026-06-02 | N/A | 2.9 LOW |
| In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | |||||
| CVE-2026-45186 | 1 Libexpat Project | 1 Libexpat | 2026-05-14 | N/A | 2.9 LOW |
| In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | |||||