INFSA-2024:6989: expat security update
Information about definition
Identificator: INFSA-2024:6989
Type: security
Release date: 2024-10-10 10:39:56 UTC
Information about package
Expat is a C library for parsing XML documents.
Vulnerabilities description
- CVE-2024-45490
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
- CVE-2024-45491
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- CVE-2024-45492
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2024-45490
|
no information | 5.1 | no information |
|
NIST — CVE-2024-45491
|
no information | 7.5 | no information |
|
NIST — CVE-2024-45492
|
no information | 6.2 | no information |
Updated packages