James Clark

16 exploits Active since Jan 2022
CVE-2024-28757 NOMISEC HIGH WRITEUP
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS 7.5
CVE-2024-28757 NOMISEC HIGH WRITEUP
libexpat < 2.6.2 - XML Entity Expansion via External Parser
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS 7.5
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat < 2.4.9 - Use-After-Free in XML_ExternalEntityParserCreate
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat < 2.4.9 - Use-After-Free in XML_ExternalEntityParserCreate
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5
CVE-2022-23990 NOMISEC HIGH STUB
libexpat < 2.4.4 - Integer Overflow in doProlog Function
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS 7.5
CVE-2022-25235 NOMISEC CRITICAL STUB
libexpat < 2.4.5 - Improper Encoding or Escaping of Output
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS 9.8
CVE-2022-25236 NOMISEC CRITICAL WRITEUP
libexpat < 2.4.5 - Namespace URI Injection via Namespace-Separator Character
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS 9.8
CVE-2022-25313 NOMISEC MEDIUM WRITEUP
libexpat < 2.4.5 - Denial of Service via DTD Element Nesting
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS 6.5
CVE-2022-25314 NOMISEC HIGH WRITEUP
libexpat < 2.4.5 - Integer Overflow in copyString
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS 7.5
CVE-2022-25315 NOMISEC CRITICAL WRITEUP
libexpat < 2.4.5 - Integer Overflow in storeRawNames
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS 9.8
CVE-2022-25313 NOMISEC MEDIUM WRITEUP
libexpat < 2.4.5 - Denial of Service via DTD Element Nesting
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS 6.5
CVE-2021-46143 NOMISEC HIGH WRITEUP
libexpat < 2.4.3 - Integer Overflow in m_groupSize
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVSS 8.1
CVE-2022-22822 NOMISEC CRITICAL STUB
libexpat < 2.4.3 - Integer Overflow in addBinding
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS 9.8
CVE-2022-23852 NOMISEC CRITICAL WRITEUP
libexpat < 2.4.4 - Integer Overflow in XML_GetBuffer
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVSS 9.8
CVE-2021-45960 NOMISEC HIGH WRITEUP
libexpat < 2.4.3 - Integer Overflow via Left Shift in storeAtts
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS 8.8
CVE-2021-45960 NOMISEC HIGH WRITEUP
libexpat < 2.4.3 - Integer Overflow via Left Shift in storeAtts
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS 8.8