Fredrik Wikstrom

2 exploits Active since Oct 2022
CVE-2024-28757 NOMISEC HIGH WRITEUP
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS 7.5
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat < 2.4.9 - Use-After-Free in XML_ExternalEntityParserCreate
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5