Libexpat · Libexpat · CVE-2022-40674
**Name of the Vulnerable Software and Affected Versions**
libexpat versions prior to 2.4.9
**Description**
The issue is related to a use-after-free vulnerability in the doContent function of the xmlparse.c file in the libexpat XML parsing library. This vulnerability can be exploited by a remote attacker to execute arbitrary code.
**Recommendations**
For versions prior to 2.4.9, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the doContent function in xmlparse.c until a patch is available. Restrict access to the xmlparse.c module to minimize the risk of exploitation.