pkg:Debian/libxmltok

所有已知漏洞

• CRITICAL9.8CVE-2024-45492An issue was discovered in libexpat before 2.6.3.
  from 0
• CRITICAL9.8CVE-2024-45491An issue was discovered in libexpat before 2.6.3.
  from 0
• CRITICAL9.8CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
  from 0
• CRITICAL9.8CVE-2022-25236xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
  from 0
• CRITICAL9.8CVE-2022-25235expat - security update
  from 0
• CRITICAL9.8CVE-2022-23852expat - security update
  from 0
• CRITICAL9.8CVE-2022-22824defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8CVE-2022-22823build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8CVE-2022-22822addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• CRITICAL9.8CVE-2016-9063An integer overflow during the parsing of XML using the Expat library.
  from 0
• CRITICAL9.8CVE-2016-0718expat - security update
  from 0
• HIGH8.8CVE-2022-22827storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8CVE-2022-22826nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8CVE-2022-22825lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
  from 0
• HIGH8.8CVE-2021-45960expat - security update
  from 0
• HIGH8.1CVE-2022-40674expat - security update
  from 0
• HIGH8.1CVE-2016-4472The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denia…
  from 0
• HIGH7.8CVE-2021-46143In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
  from 0
• HIGH7.5CVE-2024-8176A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents.
  from 0
• HIGH7.5CVE-2024-45490expat - security update
  from 0
• HIGH7.5CVE-2024-28757libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntity…
  from 0
• HIGH7.5CVE-2023-52425expat - security update
  from 0
• HIGH7.5CVE-2022-43680expat - security update
  from 0
• HIGH7.5CVE-2022-25314In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
  from 0
• HIGH7.5CVE-2022-23990Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
  from 0
• HIGH7.5CVE-2019-15903expat - security update
  from 0
• HIGH7.5CVE-2018-20843expat - security update
  from 0
• HIGH7.5CVE-2017-9233expat - security update
  from 0
• HIGH7.5CVE-2016-5300The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial…
  from 0
• MEDIUM6.5CVE-2022-25313In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
  from 0
• MEDIUM5.9CVE-2024-50602expat - security update
  from 0
• MEDIUM5.9CVE-2012-6702expat - security update
  from 0
• MEDIUM5.5CVE-2023-52426libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
  from 0
• —CVE-2015-1283expat - security update
  from 0
• —CVE-2013-0340expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler fu…
  from 0
• —CVE-2012-1148Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of…
  from 0
• —CVE-2012-1147readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a lar…
  from 0
• —CVE-2012-0876expat - several
  from 0
• —CVE-2009-3560expat - regression fix
  from 0
• —CVE-2009-3720expat - denial of service
  from 0