expat -- multiple vulnerabilities
| Affected packages |
|
|
expat2 |
< |
2.6.3 |
|
Details
| VuXML ID |
ca5f3bbc-7a62-11ef-9533-f875a43e1796 |
| Discovery |
2024-09-24 |
| Entry |
2024-09-24 |
libexpat reports:
- CVE-2024-45490: Calling function XML_ParseBuffer with
len < 0 without noticing and then calling XML_GetBuffer
will have XML_ParseBuffer fail to recognize the problem
and XML_GetBuffer corrupt memory.
With the fix, XML_ParseBuffer now complains with error
XML_ERROR_INVALID_ARGUMENT just like sibling XML_Parse
has been doing since Expat 2.2.1, and now documented.
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45491: Internal function dtdCopy can have an
integer overflow for nDefaultAtts on 32-bit platforms
(where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
- CVE-2024-45492: Internal function nextScaffoldPart can
have an integer overflow for m_groupSize on 32-bit
platforms (where UINT_MAX equals SIZE_MAX).
Impact is denial of service to potentially artitrary code
execution.
References
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.