Libexpat Project

Libexpat

61 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 11.95%
  • Veröffentlicht 30.06.2016 17:59:04
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists ...

  • EPSS 6.54%
  • Veröffentlicht 16.06.2016 18:59:10
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists beca...

  • EPSS 2.37%
  • Veröffentlicht 16.06.2016 18:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

  • EPSS 13.34%
  • Veröffentlicht 26.05.2016 16:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • EPSS 19.07%
  • Veröffentlicht 23.07.2015 00:59:12
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspec...

Exploit
  • EPSS 19.43%
  • Veröffentlicht 21.01.2014 18:55:09
  • Zuletzt bearbeitet 29.04.2026 01:13:23

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests t...

  • EPSS 3.57%
  • Veröffentlicht 03.07.2012 19:55:02
  • Zuletzt bearbeitet 16.06.2026 23:39:07

Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation...

  • EPSS 2.57%
  • Veröffentlicht 03.07.2012 19:55:02
  • Zuletzt bearbeitet 16.06.2026 23:39:07

readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files.

  • EPSS 5.72%
  • Veröffentlicht 03.07.2012 19:55:02
  • Zuletzt bearbeitet 16.06.2026 23:38:26

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file wit...

Exploit
  • EPSS 24.31%
  • Veröffentlicht 04.12.2009 21:30:00
  • Zuletzt bearbeitet 16.06.2026 23:11:51

The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that ...