James Clark

16 exploits Active since Jan 2022
CVE-2024-28757 NOMISEC HIGH WRITEUP
Libexpat < 2.6.2 - XML Entity Expansion
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS 7.5
CVE-2024-28757 NOMISEC HIGH WRITEUP
Libexpat < 2.6.2 - XML Entity Expansion
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS 7.5
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat <2.4.9 - Use After Free
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5
CVE-2022-43680 NOMISEC HIGH WRITEUP
libexpat <2.4.9 - Use After Free
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVSS 7.5
CVE-2022-23990 NOMISEC HIGH STUB
Expat <2.4.4 - Buffer Overflow
Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.
CVSS 7.5
CVE-2022-25235 NOMISEC CRITICAL STUB
Expat <2.4.5 - Info Disclosure
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
CVSS 9.8
CVE-2022-25236 NOMISEC CRITICAL WRITEUP
Libexpat < 2.4.5 - Exposure to Wrong Actor
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
CVSS 9.8
CVE-2022-25313 NOMISEC MEDIUM WRITEUP
Expat <2.4.5 - Memory Corruption
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS 6.5
CVE-2022-25314 NOMISEC HIGH WRITEUP
Libexpat < 2.4.5 - Integer Overflow
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
CVSS 7.5
CVE-2022-25315 NOMISEC CRITICAL WRITEUP
Libexpat < 2.4.5 - Integer Overflow
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
CVSS 9.8
CVE-2022-25313 NOMISEC MEDIUM WRITEUP
Expat <2.4.5 - Memory Corruption
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVSS 6.5
CVE-2021-46143 NOMISEC HIGH WRITEUP
Expat <2.4.3 - Buffer Overflow
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVSS 8.1
CVE-2022-22822 NOMISEC CRITICAL STUB
Libexpat < 2.4.3 - Integer Overflow
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS 9.8
CVE-2022-23852 NOMISEC CRITICAL WRITEUP
Expat <2.4.4 - Buffer Overflow
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
CVSS 9.8
CVE-2021-45960 NOMISEC HIGH WRITEUP
Expat <2.4.3 - Memory Corruption
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS 8.8
CVE-2021-45960 NOMISEC HIGH WRITEUP
Expat <2.4.3 - Memory Corruption
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVSS 8.8