CVE-2016-4472
Published 2016-06-30
Severity: High, CVSS 3.1 base score 8.1
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | itunes | — | — |
| apple | itunes_12.6_for_windows | — | — |
| canonical | ubuntu_linux | — | — |
| debian | expat | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| debian | libxmltok | < expat 2.1.1-2 (bookworm) | expat 2.1.1-2 (bookworm) |
| libexpat_project | libexpat | <= 2.1.1 | — |
| mcafee | policy_auditor | < 6.5.1 | 6.5.1 |
| python | python | >= 2.7.0 < 2.7.15 | 2.7.15 |
| python | python | >= 3.3.0 < 3.3.7 | 3.3.7 |
| python | python | >= 3.4.0 < 3.4.7 | 3.4.7 |
| python | python | >= 3.5.0 < 3.5.4 | 3.5.4 |
| python | python | >= 3.6.0 < 3.6.2 | 3.6.2 |
CVSS provenance
NVD (CVSS v3.1): 8.1 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
OSV: 6.8 MEDIUM
Ubuntu
xmltok library vulnerabilities
vendor_ubuntu·2025-01-13·CVSS 6.8
CVE-2019-15903 [MEDIUM] xmltok library vulnerabilities
Title: xmltok library vulnerabilities
Summary: Several security issues were fixed in libxmltok.
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)
It was discovered that Expat, cont
Ubuntu
xmltok library vulnerabilities
vendor_ubuntu·2022-07-19·CVSS 5.0
CVE-2021-46143 [MEDIUM] xmltok library vulnerabilities
Title: xmltok library vulnerabilities
Summary: Several security issues were fixed in libxmltok.
Tim Boddy, Gustavo Grieco and others discovered that Expat, which is
integrated in the xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, which is integrated in the xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, o
Apple
CVE-2016-4472: iTunes 12.6 for Windows
vendor_apple·2017-03-21·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472: iTunes 12.6 for Windows
Apple Security Update: About the security content of iTunes 12.6 for Windows
Product: iTunes 12.6 for Windows
CVE: CVE-2016-4472
Component: CVE-2016-4472
Apple
CVE-2016-4472: iTunes 12.6
vendor_apple·2017-03-21·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472: iTunes 12.6
Apple Security Update: About the security content of iTunes 12.6
Product: iTunes
Version: 12.6
CVE: CVE-2016-4472
Component: CVE-2016-4472
Ubuntu
XML-RPC for C and C++ vulnerabilities
vendor_ubuntu·2016-06-20·CVSS 5.9
CVE-2012-6702 [MEDIUM] XML-RPC for C and C++ vulnerabilities
Title: XML-RPC for C and C++ vulnerabilities
Summary: Several security issues were fixed in XML-RPC for C and C++.
It was discovered that the Expat code in XML-RPC for C and C++ unexpectedly
called srand in certain circumstances. This could reduce the security of
calling applications. (CVE-2012-6702)
It was discovered that the Expat code in XML-RPC for C and C++ incorrectly
handled seeding the random number generator. A remote attacker could
possibly use this issue to cause a denial of service. (CVE-2016-5300)
Gustavo Grieco discovered that the Expat code in XML-RPC for C and C++
incorrectly handled malformed XML data. If a user or application linked
against XML-RPC for C and C++ were tricked into opening a crafted XML file,
an attacker could cause a denial of service, or possibly exec
Red Hat
expat: Undefined behavior and pointer overflows
vendor_redhat·2016-05-15·CVSS 6.8
CVE-2016-4472 [MEDIUM] CWE-190 expat: Undefined behavior and pointer overflows
expat: Undefined behavior and pointer overflows
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Package: expat (Red Hat Directory Server 8) - Under investigation
Package: apr-util (Red Hat Enterprise Linux 5) - Not affected
Package: dasher (Red Hat Enterprise Linux 5) - Not affected
Package: expat (Red Hat Enterprise Linux 5) - Will not fix
Package: firefox (Red Hat Enterprise Linux 5) - Will not fix
Package: ghostscript (Red Hat Enterprise Linux 5) - Not affected
Package: httpd (Red Hat Enterprise Linux 5) - Not affect
Debian
CVE-2016-4472: expat - The overflow protection in Expat is removed by compilers with certain optimizati...
vendor_debian·2016·CVSS 6.8
CVE-2016-4472 [MEDIUM] CVE-2016-4472: expat - The overflow protection in Expat is removed by compilers with certain optimizati...
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
Scope: local
bookworm: resolved (fixed in 2.1.1-2)
bullseye: resolved (fixed in 2.1.1-2)
forky: resolved (fixed in 2.1.1-2)
sid: resolved (fixed in 2.1.1-2)
trixie: resolved (fixed in 2.1.1-2)
OSV
libxmltok vulnerabilities
osv·2025-01-13·CVSS 6.8
CVE-2015-1283 [MEDIUM] libxmltok vulnerabilities
libxmltok vulnerabilities
It was discovered that Expat, contained within the xmltok library,
incorrectly handled malformed XML data. If a user or application were
tricked into opening a crafted XML file, an attacker could cause a denial
of service, or possibly execute arbitrary code. (CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2019-15903)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled XML data containing a large number of colons, which
could lead to excessive resource consumption. If a user or application
were tricked into opening a crafted XML file, an attacker could possibly
use this issue to cause a denial of service. (CVE-2018-20843)
It was discovered that Expat, contained within the xmltok library,
incorrectly handled certain input, whi
OSV
libxmltok vulnerabilities
osv·2022-07-19·CVSS 5.0
CVE-2012-1148 [MEDIUM] libxmltok vulnerabilities
libxmltok vulnerabilities
Tim Boddy, Gustavo Grieco and others discovered that Expat, which is
integrated in the xmltok library, incorrectly handled certain files.
An attacker could possibly use these issues to cause a denial of
service, or possibly execute arbitrary code. These issues were only
addressed in Ubuntu 16.04 ESM. (CVE-2012-1148, CVE-2015-1283,
CVE-2016-0718, CVE-2016-4472, CVE-2018-20843, CVE-2019-15903,
CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824,
CVE-2022-22825, CVE-2022-22826, CVE-2022-22827)
It was discovered that Expat, which is integrated in the xmltok library,
incorrectly handled encoding validation of certain files. An attacker
could possibly use this issue to cause a denial of service, or
possibly execute arbitrary code. (CVE-2022-25235)
It was discovered
GHSA
GHSA-855w-qg6f-ffh7: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of servic
ghsa_unreviewed·2022-05-13·CVSS 6.8
CVE-2016-4472 [MEDIUM] CWE-119 GHSA-855w-qg6f-ffh7: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of servic
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
OSV
CVE-2016-4472: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of servic
osv·2016-06-30·CVSS 6.8
CVE-2016-4472 [MEDIUM] CVE-2016-4472: The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of servic
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-4472 expat: Undefined behavior and pointer overflows [fedora-all]
bugzilla·2016-06-09·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472 expat: Undefined behavior and pointer overflows [fedora-all]
CVE-2016-4472 expat: Undefined behavior and pointer overflows [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fed
Bugzilla
CVE-2016-4472 expat21: expat: Undefined behavior and pointer overflows [epel-all]
bugzilla·2016-06-09·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472 expat21: expat: Undefined behavior and pointer overflows [epel-all]
CVE-2016-4472 expat21: expat: Undefined behavior and pointer overflows [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ver
Bugzilla
CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [epel-7]
bugzilla·2016-06-09·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [epel-7]
CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-b
Bugzilla
CVE-2016-4472 expat: Undefined behavior and pointer overflows
bugzilla·2016-06-09·CVSS 6.8
CVE-2016-4472 [MEDIUM] CVE-2016-4472 expat: Undefined behavior and pointer overflows
CVE-2016-4472 expat: Undefined behavior and pointer overflows
It was found that the original patch for issues CVE-2015-1283 and CVE-2015-2716 used overflow checks that could be optimized out by some compilers applying certain optimization settings, which can cause the vulnerability to remain even after applying the patch.
One pattern in the fix for CVE-2015-1283/CVE-2015-2716 is:
    /* bufferSize is positive here */
    do {
      bufferSize *= 2;
    } while (bufferSize < neededSize && bufferSize > 0);
    if (bufferSize <= 0) {
      errorCode = XML_ERROR_NO_MEMORY;
      return NULL;
    }
Compilers may evaluate bufferSize > 0 as always true when the execution is defined (signed overflow is undefined behaviour), and hoist the bufferSize <= 0 check out of the loop, that is, compile the code as if it had been written:
    if (bufferSize <= 0) {
      errorCode = XML_ERROR_NO_MEMORY;
      return NULL;
    } else {
      do {
        bufferSize *= 2;
      } while (bufferSize < neededSize);
    }
Both cases lead to not eliminating the vulnerability
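A hardened form of the doubling loop quoted in the bug report, added here as an example (not Expat's own code; the function name and return convention are assumptions). The bound is tested before each multiplication, so no signed overflow is ever executed and the check cannot be optimized away.

```c
#include <limits.h>
#include <stdio.h>

/* Hardened replacement for the doubling loop quoted in the bug report
 * (added example, not Expat's own code; name and return convention are
 * assumptions). The quoted loop multiplies first and tests
 * "bufferSize > 0" afterwards. Signed overflow is undefined behaviour in
 * C, so a compiler may assume it never happens and treat that test as
 * always true, removing the overflow check. Here the bound is tested
 * before every multiplication: no overflow is ever executed, so the
 * check stays meaningful under any optimization level.
 *
 * Mirrors the original do/while shape (always doubles at least once).
 * Returns 1 and stores the grown size in *out, or 0 when doubling
 * would exceed INT_MAX (the caller's XML_ERROR_NO_MEMORY path). */
int grow_buffer_size(int bufferSize, int neededSize, int *out)
{
    if (bufferSize <= 0)            /* the quoted code assumes a positive size */
        return 0;
    do {
        if (bufferSize > INT_MAX / 2)   /* 2 * bufferSize would overflow */
            return 0;
        bufferSize *= 2;
    } while (bufferSize < neededSize);
    *out = bufferSize;
    return 1;
}

int main(void)
{
    int size = 0;
    /* Constructed inputs: an ordinary growth and one that would overflow. */
    if (grow_buffer_size(1024, 5000, &size))
        printf("1024 grown to %d for %d bytes needed\n", size, 5000);
    if (!grow_buffer_size(1 << 30, INT_MAX, &size))
        printf("refused: doubling 2^30 would exceed INT_MAX\n");
    return 0;
}
```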
Bugzilla
CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [fedora-all]
bugzilla·2016-06-09·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [fedora-all]
CVE-2016-4472 mingw-expat: expat: Undefined behavior and pointer overflows [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
Bugzilla
CVE-2016-4472 compat-expat1: expat: Undefined behavior and pointer overflows [fedora-all]
bugzilla·2016-06-09·CVSS 8.1
CVE-2016-4472 [HIGH] CVE-2016-4472 compat-expat1: expat: Undefined behavior and pointer overflows [fedora-all]
CVE-2016-4472 compat-expat1: expat: Undefined behavior and pointer overflows [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
References:
http://www.securityfocus.com/bid/91528
http://www.ubuntu.com/usn/USN-3013-1
https://bugzilla.redhat.com/show_bug.cgi?id=1344251
https://kc.mcafee.com/corporate/index?page=content&id=SB10365
https://security.gentoo.org/glsa/201701-21
https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde
https://www.tenable.com/security/tns-2016-20
Published: 2016-06-30