pkg:Debian/libxmltok

All known vulnerabilities

• CRITICAL9.8CVE-2024-45492An issue was discovered in libexpat before 2.6.3.
  from 0
• CRITICAL9.8CVE-2024-45491An issue was discovered in libexpat before 2.6.3.
  from 0
• CRITICAL9.8CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
  from 0
• CRITICAL9.8xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
  from 0
• CRITICAL9.8expat - security update
  from 0
• CRITICAL9.8expat - security update
  from 0
• CRITICAL9.8defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8An integer overflow during the parsing of XML using the Expat library.
  from 0
• CRITICAL9.8expat - security update
  from 0
• HIGH8.8storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8expat - security update
  from 0
• HIGH8.1expat - security update
  from 0
• HIGH8.1The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denia…
  from 0
• HIGH7.8In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
  from 0
• HIGH7.5A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents.
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntity…
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
  from 0
• HIGH7.5Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5expat - security update
  from 0
• HIGH7.5The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial…
  from 0
• MEDIUM6.5In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
  from 0
• MEDIUM5.9expat - security update
  from 0
• MEDIUM5.9expat - security update
  from 0
• MEDIUM5.5libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
  from 0
• —expat - security update
  from 0
• —expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler fu…
  from 0
• —Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of…
  from 0
• —readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a lar…
  from 0
• —expat - several
  from 0
• —expat - regression fix
  from 0
• —expat - denial of service
  from 0