In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
DLA-3165-1 | expat security update |
![]() |
DSA-5266-1 | expat security update |
![]() |
USN-5638-2 | Expat vulnerabilities |
![]() |
USN-5638-3 | Expat vulnerability |
![]() |
USN-5638-4 | Expat vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Fri, 30 May 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-05-30T19:20:52.533Z
Reserved: 2022-10-24T00:00:00.000Z
Link: CVE-2022-43680

Updated: 2024-08-03T13:40:06.144Z

Status : Modified
Published: 2022-10-24T14:15:53.323
Modified: 2025-05-30T20:15:31.250
Link: CVE-2022-43680


No data.