Libexpat Project ≫ Libexpat

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.

Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.