Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:libexpat_project:libexpat:2.4.8:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-52426 |
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. Published: February 04, 2024; 3:15:46 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0:(not available) |
CVE-2023-52425 |
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. Published: February 04, 2024; 3:15:46 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-43680 |
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. Published: October 24, 2022; 10:15:53 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-40674 |
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Published: September 14, 2022; 7:15:54 AM -0400 |
V4.0:(not available) V3.1: 8.1 HIGH V2.0:(not available) |