📦 Libexpat

by Libexpat Project



⚠️ Known Vulnerabilities

CVE-2024-45491

CRITICAL CVSS 9.8 Aug 30, 2024

CVE-2024-45491 is an integer overflow vulnerability in libexpat's XML parsing library that can lead to heap buffer overflow on 32-bit platforms. This allows attackers to potentially execute arbitrary ...

CVE-2022-25315

CRITICAL CVSS 9.8 Feb 18, 2022

CVE-2022-25315 is an integer overflow vulnerability in Expat's storeRawNames function that can lead to heap buffer overflow. This allows attackers to potentially execute arbitrary code or cause denial...

CVE-2022-25235

CRITICAL CVSS 9.8 Feb 16, 2022

CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass security checks. This affects any application using vulne...

CVE-2022-23852

CRITICAL CVSS 9.8 Jan 24, 2022

CVE-2022-23852 is a signed integer overflow vulnerability in Expat (libexpat) XML parser that can lead to buffer overflow. When XML_CONTEXT_BYTES is configured to a nonzero value, XML_GetBuffer can ov...

CVE-2022-22822

CRITICAL CVSS 9.8 Jan 10, 2022

CVE-2022-22822 is an integer overflow vulnerability in Expat's XML parser that can lead to heap buffer overflow. This allows attackers to execute arbitrary code or cause denial of service by processin...

CVE-2022-22824

CRITICAL CVSS 9.8 Jan 10, 2022

CVE-2022-22824 is an integer overflow vulnerability in Expat's defineAttribute function in xmlparse.c. This allows attackers to cause heap-based buffer overflows, potentially leading to arbitrary code...

CVE-2024-28757

HIGH CVSS 7.5 Mar 10, 2024

CVE-2024-28757 is an XML Entity Expansion vulnerability in libexpat that allows attackers to cause denial of service through resource exhaustion when external parsers are created via XML_ExternalEntit...

CVE-2023-52425

HIGH CVSS 7.5 Feb 4, 2024

This vulnerability in libexpat allows attackers to cause denial of service through resource consumption by sending specially crafted XML with large tokens that require multiple buffer fills, forcing r...

CVE-2022-25314

HIGH CVSS 7.5 Feb 18, 2022

CVE-2022-25314 is an integer overflow vulnerability in Expat's copyString function that can lead to heap buffer overflow. This allows attackers to potentially execute arbitrary code or cause denial of...

CVE-2022-23990

HIGH CVSS 7.5 Jan 26, 2022

CVE-2022-23990 is an integer overflow vulnerability in Expat (libexpat) XML parser library that can lead to denial of service or arbitrary code execution. Any application using vulnerable versions of ...

CVE-2022-22826

HIGH CVSS 8.8 Jan 10, 2022

CVE-2022-22826 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by providing specially crafted XML input, potentially caus...

CVE-2021-46143

HIGH CVSS 8.1 Jan 6, 2022

CVE-2021-46143 is an integer overflow vulnerability in Expat's XML parser that can lead to heap memory corruption. Attackers can exploit this by providing specially crafted XML input, potentially caus...

CVE-2026-24515

LOW CVSS 2.9 Jan 23, 2026

This vulnerability in libexpat's XML_ExternalEntityParserCreate function fails to copy unknown encoding handler user data, potentially causing crashes or undefined behavior when processing malformed X...

CVE-2025-66382

LOW CVSS 2.9 Nov 28, 2025

CVE-2025-66382 is a denial-of-service vulnerability in libexpat where a specially crafted XML file (~2MB) can cause excessive processing time (dozens of seconds). This affects any application using vu...