Libexpat Project : Security Vulnerabilities, CVEs, (Memory corruption)
In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Max CVSS: 7.5
EPSS Score: 0.52%
Published: 2022-10-24
Updated: 2024-01-21
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Max CVSS: 8.1
EPSS Score: 0.47%
Published: 2022-09-14
Updated: 2023-02-01
2 vulnerabilities found