Filtered by vendor: Libexpat Project
Total: 47 CVEs (20 shown on this page, most recently updated first)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41080 | 1 Libexpat Project | 1 Libexpat | 2026-04-23 | 2.9 Low |
| libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | ||||
| CVE-2009-3560 | 4 Apache, Libexpat Project, Redhat and 1 more | 6 Http Server, Libexpat, Enterprise Linux and 3 more | 2026-04-23 | N/A |
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | ||||
| CVE-2009-3720 | 5 A M Kuchling, Apache, Libexpat Project and 2 more | 7 Pyxml, Http Server, Libexpat and 4 more | 2026-04-23 | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | ||||
| CVE-2025-66382 | 1 Libexpat Project | 1 Libexpat | 2026-04-20 | 2.9 Low |
| In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | ||||
| CVE-2026-25210 | 1 Libexpat Project | 1 Libexpat | 2026-04-18 | 6.9 Medium |
| In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | ||||
| CVE-2026-24515 | 1 Libexpat Project | 1 Libexpat | 2026-04-18 | 2.9 Low |
| In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | ||||
| CVE-2026-32776 | 1 Libexpat Project | 1 Libexpat | 2026-03-24 | 4 Medium |
| libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | ||||
| CVE-2026-32777 | 1 Libexpat Project | 1 Libexpat | 2026-03-24 | 4 Medium |
| libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | ||||
| CVE-2026-32778 | 1 Libexpat Project | 1 Libexpat | 2026-03-24 | 2.9 Low |
| libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. | ||||
| CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2025-11-25 | N/A |
| expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | ||||
| CVE-2025-59375 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | 7.5 High |
| libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | ||||
| CVE-2024-28757 | 4 Fedoraproject, Libexpat Project, Netapp and 1 more | 23 Fedora, Libexpat, Active Iq Unified Manager and 20 more | 2025-11-04 | 7.5 High |
| libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | ||||
| CVE-2023-52426 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | 5.5 Medium |
| libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | ||||
| CVE-2023-52425 | 2 Libexpat Project, Redhat | 4 Libexpat, Enterprise Linux, Jboss Core Services and 1 more | 2025-11-04 | 7.5 High |
| libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | ||||
| CVE-2024-45492 | 3 Libexpat, Libexpat Project, Redhat | 5 Expat, Libexpat, Enterprise Linux and 2 more | 2025-11-04 | 7.3 High |
| An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||||
| CVE-2024-45491 | 3 Libexpat, Libexpat Project, Redhat | 5 Expat, Libexpat, Enterprise Linux and 2 more | 2025-11-04 | 7.3 High |
| An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | ||||
| CVE-2024-45490 | 2 Libexpat Project, Redhat | 5 Libexpat, Enterprise Linux, Jboss Core Services and 2 more | 2025-11-04 | 9.8 Critical |
| An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | ||||
| CVE-2024-50602 | 4 Debian, Libexpat Project, Netapp and 1 more | 19 Debian Linux, Libexpat, Active Iq Unified Manager and 16 more | 2025-10-15 | 5.9 Medium |
| An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | ||||
| CVE-2022-43680 | 5 Debian, Fedoraproject, Libexpat Project and 2 more | 24 Debian Linux, Fedora, Libexpat and 21 more | 2025-05-30 | 7.5 High |
| In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||||
| CVE-2022-40674 | 4 Debian, Fedoraproject, Libexpat Project and 1 more | 9 Debian Linux, Fedora, Libexpat and 6 more | 2025-05-30 | 8.1 High |
| libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | ||||
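Several of the entries above (CVE-2013-0340, CVE-2024-28757, CVE-2023-52426) concern entity expansion, and CVE-2013-0340 explicitly puts the burden on the application to install an entity declaration handler. The following is an added example, not code from the CVE records or from the libexpat project. It uses Python's `xml.parsers.expat` module (a binding to libexpat; Python is itself listed as an affected product above) to install `EntityDeclHandler` and `ExternalEntityRefHandler` callbacks that refuse external and parameter entities outright and bound internal entity expansion while the DTD is still being read. The per-entity and per-document budgets, the `EntityGuard` class and the sample documents are all assumptions made for the demonstration.

```python
"""Entity-declaration guard for an expat-based parser.

Added example, not code from the CVE records above or from the libexpat
project. It uses Python's xml.parsers.expat (a binding to libexpat) and the
EntityDeclHandler / ExternalEntityRefHandler callbacks that the CVE-2013-0340
text says an application must use itself. Budgets and sample documents are
assumptions made for the demonstration.
"""
import re
import xml.parsers.expat as expat

# Matches a general entity reference inside an entity's literal replacement text.
ENTITY_REF = re.compile(r"&([A-Za-z_:][\w.:-]*);")
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}


class EntityPolicyError(ValueError):
    """Raised when the DTD declares or references an entity the policy refuses."""


class EntityGuard:
    """Bounds entity expansion at declaration time.

    The expanded size of each internal entity is estimated by substituting the
    already-known sizes of the entities it references, so a nested chain
    ("billion laughs") is refused while the DTD is still being read, before a
    single byte of the document body has been expanded.
    """

    def __init__(self, max_entity_bytes=64 * 1024, max_total_bytes=1024 * 1024):
        self.max_entity_bytes = max_entity_bytes   # assumed budget per entity
        self.max_total_bytes = max_total_bytes     # assumed budget per document
        self.sizes = {}                            # entity name -> estimated size
        self.total = 0

    def expanded_size(self, value):
        size = len(value)
        for m in ENTITY_REF.finditer(value):
            name = m.group(1)
            if name in PREDEFINED:
                continue
            # The literal "&name;" is replaced by that entity's own expansion.
            size += self.sizes.get(name, 0) - (m.end() - m.start())
        return size

    def on_entity_decl(self, name, is_param, value, base, system_id, public_id, notation):
        # Parameter entities and anything with a SYSTEM/PUBLIC identifier are external.
        if is_param or system_id is not None or public_id is not None:
            raise EntityPolicyError(f"external or parameter entity refused: {name!r}")
        size = self.expanded_size(value)
        if size > self.max_entity_bytes:
            raise EntityPolicyError(f"entity {name!r} would expand to about {size} bytes")
        self.total += size
        if self.total > self.max_total_bytes:
            raise EntityPolicyError("cumulative entity expansion budget exceeded")
        self.sizes[name] = size

    def on_external_entity_ref(self, context, base, system_id, public_id):
        # Second line of defence: nothing is fetched and no sub-parser is created,
        # so there is no separate external parser that would need its own guard.
        raise EntityPolicyError(f"external entity reference refused: {system_id!r}")


def make_hardened_parser(guard):
    parser = expat.ParserCreate()
    # Never load parameter entities, which includes an external DTD subset.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.EntityDeclHandler = guard.on_entity_decl
    parser.ExternalEntityRefHandler = guard.on_external_entity_ref
    return parser


def parse_untrusted(data, guard=None):
    """Parse one document under the policy and return its concatenated text."""
    if guard is None:
        guard = EntityGuard()
    parser = make_hardened_parser(guard)
    chunks = []
    parser.CharacterDataHandler = chunks.append
    parser.Parse(data, True)
    return "".join(chunks)


def is_rejected(data):
    """True if the policy refuses the document, False if it parses."""
    try:
        parse_untrusted(data)
    except EntityPolicyError:
        return True
    return False


def billion_laughs(levels=9, fanout=10):
    """Construct the classic nested-entity document (sample input, not real data)."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, levels + 1):
        prev = "lol" if i == 1 else f"lol{i - 1}"
        refs = f"&{prev};" * fanout
        decls.append(f'<!ENTITY lol{i} "{refs}">')
    dtd = "".join(decls)
    return f"<!DOCTYPE d [{dtd}]><d>&lol{levels};</d>".encode()


# Constructed sample documents.
BENIGN_DOC = b'<!DOCTYPE d [<!ENTITY co "Expat">]><d>&co; 2.7.x</d>'
XXE_DOC = b'<!DOCTYPE d [<!ENTITY xxe SYSTEM "file:///etc/passwd">]><d>&xxe;</d>'
BILLION_LAUGHS_DOC = billion_laughs()

if __name__ == "__main__":
    print(parse_untrusted(BENIGN_DOC))           # Expat 2.7.x
    print(is_rejected(XXE_DOC), is_rejected(BILLION_LAUGHS_DOC))
```

The guard rejects the nested chain at the declaration of `lol5` (about 300,000 bytes under the assumed 64 KiB per-entity budget), before any reference in the body is expanded; libexpat 2.4.0 and later additionally enforce their own amplification limit, but that applies a library-wide default rather than a budget the application chooses. Because the policy never creates a sub-parser, the isolated external-parser case of CVE-2024-28757 does not arise; an application that does call `ExternalEntityParserCreate` has to install the same handlers on the child parser, since that parser does not inherit them.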