Debian Expat vulnerabilities

48 known vulnerabilities affecting debian/expat.

Total CVEs: 48
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 15, MEDIUM 11, LOW 11

Vulnerabilities

Page 1 of 3
CVE-2026-32777 | MEDIUM | CVSS 4.0 | fixed in expat 2.7.5-1 (forky) | 2026
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.5-1); sid: resolved (fixed in 2.7.5-1); trixie: open

CVE-2026-32776 | MEDIUM | CVSS 4.0 | fixed in expat 2.7.5-1 (forky) | 2026
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.5-1); sid: resolved (fixed in 2.7.5-1); trixie: open

CVE-2026-25210 | MEDIUM | CVSS 6.9 | fixed in expat 2.7.4-1 (forky) | 2026
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.4-1); sid: resolved (fixed in 2.7.4-1); trixie: open

CVE-2026-32778 | LOW | CVSS 2.9 | fixed in expat 2.7.5-1 (forky) | 2026
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.5-1); sid: resolved (fixed in 2.7.5-1); trixie: open

CVE-2026-24515 | LOW | CVSS 2.9 | fixed in expat 2.7.3-2 (forky) | 2026
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.3-2); sid: resolved (fixed in 2.7.3-2); trixie: open

CVE-2025-59375 | HIGH | CVSS 7.5 | fixed in expat 2.7.2-1 (forky) | 2025
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.7.2-1); sid: resolved (fixed in 2.7.2-1); trixie: open

CVE-2025-66382 | LOW | CVSS 2.9 | 2025
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Scope: local. bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2024-45492 | CRITICAL | CVSS 9.8 | fixed in expat 2.5.0-1+deb12u1 (bookworm) | 2024
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Scope: local. bookworm: resolved (fixed in 2.5.0-1+deb12u1); bullseye: resolved (fixed in 2.2.10-2+deb11u6); forky: resolved (fixed in 2.6.2-2); sid: resolved (fixed in 2.6.2-2); trixie: reso

CVE-2024-45491 | CRITICAL | CVSS 9.8 | fixed in expat 2.5.0-1+deb12u1 (bookworm) | 2024
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Scope: local. bookworm: resolved (fixed in 2.5.0-1+deb12u1); bullseye: resolved (fixed in 2.2.10-2+deb11u6); forky: resolved (fixed in 2.6.2-2); sid: resolved (fixed in 2.6.2-2); trixie: resolved (fi

CVE-2024-8176 | HIGH | CVSS 7.5 | fixed in expat 2.5.0-1+deb12u2 (bookworm) | 2024
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploita

CVE-2024-45490 | HIGH | CVSS 7.5 | fixed in expat 2.5.0-1+deb12u1 (bookworm) | 2024
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Scope: local. bookworm: resolved (fixed in 2.5.0-1+deb12u1); bullseye: resolved (fixed in 2.2.10-2+deb11u6); forky: resolved (fixed in 2.6.2-2); sid: resolved (fixed in 2.6.2-2); trixie: resolved (fixed in 2.6.2-2)

CVE-2024-50602 | MEDIUM | CVSS 5.9 | fixed in expat 2.5.0-1+deb12u2 (bookworm) | 2024
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Scope: local. bookworm: resolved (fixed in 2.5.0-1+deb12u2); bullseye: resolved (fixed in 2.2.10-2+deb11u7); forky: resolved (fixed in 2.6.3-2); sid: resolved (fixed in 2.6.3-2); trixie: resolved (fixed in 2.

CVE-2024-28757 | LOW (detail record: HIGH) | CVSS 7.5 | fixed in expat 2.6.1-2 (forky) | 2024
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.6.1-2); sid: resolved (fixed in 2.6.1-2); trixie: resolved (fixed in 2.6.1-2)

CVE-2023-52425 | HIGH | CVSS 7.5 | fixed in expat 2.5.0-1+deb12u2 (bookworm) | 2023
libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
Scope: local. bookworm: resolved (fixed in 2.5.0-1+deb12u2); bullseye: resolved (fixed in 2.2.10-2+deb11u6); forky: resolved (fixed in 2.6.0-1); sid: resolved (fixed in 2.6.0-1); trixie:

CVE-2023-52426 | LOW (detail record: MEDIUM) | CVSS 5.5 | fixed in expat 2.6.0-1 (forky) | 2023
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Scope: local. bookworm: open; bullseye: open; forky: resolved (fixed in 2.6.0-1); sid: resolved (fixed in 2.6.0-1); trixie: resolved (fixed in 2.6.0-1)

CVE-2022-22822 | CRITICAL | CVSS 9.8 | fixed in expat 2.4.3-1 (bookworm) | 2022
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Scope: local. bookworm: resolved (fixed in 2.4.3-1); bullseye: resolved (fixed in 2.2.10-2+deb11u1); forky: resolved (fixed in 2.4.3-1); sid: resolved (fixed in 2.4.3-1); trixie: resolved (fixed in 2.4.3-1)

CVE-2022-25315 | CRITICAL | CVSS 9.8 | fixed in expat 2.4.5-1 (bookworm) | 2022
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.2.10-2+deb11u2); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)

CVE-2022-25235 | CRITICAL | CVSS 9.8 | fixed in expat 2.4.5-1 (bookworm) | 2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Scope: local. bookworm: resolved (fixed in 2.4.5-1); bullseye: resolved (fixed in 2.2.10-2+deb11u2); forky: resolved (fixed in 2.4.5-1); sid: resolved (fixed in 2.4.5-1); trixie: resolved (fixed in 2.4.5-1)

CVE-2022-22823 | CRITICAL | CVSS 9.8 | fixed in expat 2.4.3-1 (bookworm) | 2022
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
Scope: local. bookworm: resolved (fixed in 2.4.3-1); bullseye: resolved (fixed in 2.2.10-2+deb11u1); forky: resolved (fixed in 2.4.3-1); sid: resolved (fixed in 2.4.3-1); trixie: resolved (fixed in 2.4.3-1)

CVE-2022-23852 | CRITICAL | CVSS 9.8 | fixed in expat 2.4.3-2 (bookworm) | 2022
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Scope: local. bookworm: resolved (fixed in 2.4.3-2); bullseye: resolved (fixed in 2.2.10-2+deb11u1); forky: resolved (fixed in 2.4.3-2); sid: resolved (fixed in 2.4.3-2); trixie: resolved (fixed in 2.4.3-2)