Product:
Libexpat
(Libexpat_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 13 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-06-24 | CVE-2018-20843 | In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). | Ubuntu_linux, Debian_linux, Fedora, Libexpat, Leap, Outside_in_technology | 7.5 | ||
| 2016-06-16 | CVE-2016-5300 | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0876. | Ubuntu_linux, Debian_linux, Android, Libexpat | 7.5 | ||
| 2016-06-30 | CVE-2016-4472 | The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. | Ubuntu_linux, Libexpat | 8.1 | ||
| 2016-05-26 | CVE-2016-0718 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow. | Mac_os_x, Ubuntu_linux, Debian_linux, Libexpat, Firefox, Leap, Opensuse, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite | 9.8 | ||
| 2015-07-23 | CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | Chrome, Libexpat | N/A | ||
| 2014-01-21 | CVE-2013-0340 | expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for... | Libexpat | N/A | ||
| 2016-06-16 | CVE-2012-6702 | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function. | Ubuntu_linux, Debian_linux, Android, Libexpat | 5.9 | ||
| 2012-07-03 | CVE-2012-1148 | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | Mac_os_x, Libexpat | N/A | ||
| 2012-07-03 | CVE-2012-1147 | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | Mac_os_x, Libexpat | N/A | ||
| 2012-07-03 | CVE-2012-0876 | The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | Libexpat | N/A |