Red Hat Security Advisory: expat security update
🔗 CVE IDs covered (18)
📋 Description
CVE-2013-0340 — expat: internal entity expansion CVE-2018-20843 — expat: large number of colons in input makes parser consume high amount of resources, leading to DoS CVE-2019-15903 — expat: heap-based buffer over-read via crafted XML input CVE-2021-45960 — expat: Large number of prefixed XML attributes on a single tag can crash libexpat CVE-2021-46143 — expat: Integer overflow in doProlog in xmlparse.c CVE-2022-22822 — expat: Integer overflow in addBinding in xmlparse.c CVE-2022-22823 — expat: Integer overflow in build_model in xmlparse.c CVE-2022-22824 — expat: Integer overflow in defineAttribute in xmlparse.c CVE-2022-22825 — expat: Integer overflow in lookup in xmlparse.c CVE-2022-22826 — expat: Integer overflow in nextScaffoldPart in xmlparse.c CVE-2022-22827 — expat: Integer overflow in storeAtts in xmlparse.c CVE-2022-23990 — expat: integer overflow in the doProlog function CVE-2022-25313 — expat: Stack exhaustion in doctype parsing CVE-2022-25314 — expat: Integer overflow in copyString() CVE-2022-43680 — expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate CVE-2023-52425 — expat: parsing large tokens can trigger a denial of service CVE-2024-8176 — libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat CVE-2025-59375 — firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2025:22871
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1000109
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1723723
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1752592
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044451
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044457
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044464
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044467
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044479
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044484
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2044488
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2048356
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056350
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2056354
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2140059
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2262877
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2310137
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2395108
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_22871.json