CVE-2016-4472
- EPSS 11.95%
- Veröffentlicht 30.06.2016 17:59:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists ...
CVE-2016-5300
- EPSS 6.54%
- Veröffentlicht 16.06.2016 18:59:10
- Zuletzt bearbeitet 06.05.2026 22:30:45
The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca...
CVE-2012-6702
- EPSS 2.37%
- Veröffentlicht 16.06.2016 18:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.
CVE-2016-0718
- EPSS 13.34%
- Veröffentlicht 26.05.2016 16:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.
CVE-2015-1283
- EPSS 19.07%
- Veröffentlicht 23.07.2015 00:59:12
- Zuletzt bearbeitet 06.05.2026 22:30:45
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec...
CVE-2013-0340
- EPSS 19.43%
- Veröffentlicht 21.01.2014 18:55:09
- Zuletzt bearbeitet 29.04.2026 01:13:23
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests t...
- EPSS 3.57%
- Veröffentlicht 03.07.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:39:07
Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation...
CVE-2012-1147
- EPSS 2.57%
- Veröffentlicht 03.07.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:39:07
readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.
CVE-2012-0876
- EPSS 5.72%
- Veröffentlicht 03.07.2012 19:55:02
- Zuletzt bearbeitet 16.06.2026 23:38:26
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit...
- EPSS 24.31%
- Veröffentlicht 04.12.2009 21:30:00
- Zuletzt bearbeitet 16.06.2026 23:11:51
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that ...