pkg:Alpine/expat

All known vulnerabilities

• CRITICAL9.8CVE-2024-45492An issue was discovered in libexpat before 2.6.3.
  from 0, < 2.6.3-r0
• CRITICAL9.8CVE-2024-45491An issue was discovered in libexpat before 2.6.3.
  from 0, < 2.6.3-r0
• CRITICAL9.8CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
  from 0, < 2.2.10-r2
• CRITICAL9.8xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
  from 0, < 2.2.10-r2
• CRITICAL9.8expat - security update
  from 0, < 2.2.10-r2
• CRITICAL9.8expat - security update
  from 0, < 2.2.10-r1
• CRITICAL9.8defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• CRITICAL9.8build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• CRITICAL9.8addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• CRITICAL9.8expat - security update
  from 0, < 2.1.1-r1
• HIGH8.8storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• HIGH8.8nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• HIGH8.8lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0, < 2.2.10-r0
• HIGH8.8expat - security update
  from 0, < 2.2.10-r0
• HIGH8.1expat - security update
  from 0, < 2.2.10-r7
• HIGH8.1The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denia…
  from 0, < 2.1.1-r2
• HIGH7.8In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow c…
  from 0, < 2.7.4-r0
• HIGH7.8In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
  from 0, < 2.2.10-r0
• HIGH7.5In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized c…
  from 0, < 2.8.1-r0
• HIGH7.5thunderbird - security update
  from 0, < 2.7.2-r0
• HIGH7.5A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents.
  from 0, < 2.7.0-r0
• HIGH7.5expat - security update
  from 0, < 2.6.3-r0
• HIGH7.5libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntity…
  from 0, < 2.6.2-r0
• HIGH7.5expat - security update
  from 0, < 2.6.0-r0
• HIGH7.5expat - security update
  from 0, < 2.2.10-r8
• HIGH7.5In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
  from 0, < 2.2.10-r2
• HIGH7.5Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
  from 0, < 2.2.10-r1
• HIGH7.5expat - security update
  from 0, < 2.2.7-r1
• HIGH7.5expat - security update
  from 0, < 2.2.7-r0
• HIGH7.5expat - security update
  from 0, < 2.2.0-r1
• HIGH7.5The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial…
  from 0, < 2.2.0-r0
• MEDIUM6.5In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
  from 0, < 2.2.10-r2
• MEDIUM5.9expat - security update
  from 0, < 2.6.4-r0
• MEDIUM5.9expat - security update
  from 0, < 2.2.0-r0
• MEDIUM5.5libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
  from 0, < 2.7.5-r0
• MEDIUM5.5libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
  from 0, < 2.7.5-r0
• MEDIUM5.5libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
  from 0, < 2.7.5-r0
• MEDIUM5.5libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
  from 0, < 2.6.0-r0
• LOW2.9libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
  from 0, < 2.8.0-r0
• LOW2.5In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
  from 0, < 2.7.4-r0