PT-2019-3469 · Expat+10 · Libexpat+10

Published

2019-08-28

·

Updated

2026-04-01

·

CVE-2019-15903

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.2.8
Description The issue is related to a heap-based buffer over-read in libexpat, which can occur when crafted XML input fools the parser into changing from DTD parsing to document parsing too early. A consecutive call to XML GetCurrentLineNumber (or XML GetCurrentColumnNumber) then results in the buffer over-read. This can be exploited by a remote attacker using a specially crafted XML file, potentially leading to a denial of service.
Recommendations For versions prior to 2.2.8, update to version 2.2.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of libexpat until a patch is available. Avoid using XML GetCurrentLineNumber and XML GetCurrentColumnNumber functions with potentially malicious XML input until the issue is resolved.

Exploit

Fix

Out of bounds Read

XXE

XML Entity Expansion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-611CWE-776

Related Identifiers

ALT-PU-2019-2740
ALT-PU-2019-2751
ALT-PU-2019-3056
ALT-PU-2019-3087
ALT-PU-2019-3103
ALT-PU-2019-3106
ALT-PU-2019-3112
ALT-PU-2020-1050
ALT-PU-2020-1166
ALT-PU-2020-1434
ALT-PU-2020-1515
ALT-PU-2020-1617
ALT-PU-2020-1707
ALT-PU-2020-2053
ALT-PU-2020-2441
ALT-PU-2020-3264
ALT-PU-2020-3273
ALT-PU-2020-3318
ALT-PU-2021-2653
ALT-PU-2024-3474
BDU:2019-03643
CESA-2019_3193
CESA-2019_3196
CESA-2019_3210
CESA-2019_3237
CESA-2019_3756
CESA-2020_3952
CESA-2020_4484
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2019-15903
DLA-1912-1
DLA-1987-1
DLA-1997-1
DSA-4530-1
DSA-4549-1
DSA-4571-1
DSA-4571-2
MGASA-2019-0315
MGASA-2019-0316
MGASA-2019-0321
OPENSUSE-SU-2019:2204-1
OPENSUSE-SU-2019:2205-1
OPENSUSE-SU-2019:2420-1
OPENSUSE-SU-2019:2424-1
OPENSUSE-SU-2019:2425-1
OPENSUSE-SU-2019:2447-1
OPENSUSE-SU-2019:2451-1
OPENSUSE-SU-2019:2452-1
OPENSUSE-SU-2019:2459-1
OPENSUSE-SU-2019:2464-1
OPENSUSE-SU-2019_2204-1
OPENSUSE-SU-2019_2205-1
OPENSUSE-SU-2019_2420-1
OPENSUSE-SU-2019_2451-1
OPENSUSE-SU-2019_2452-1
OPENSUSE-SU-2019_2459-1
OPENSUSE-SU-2019_2464-1
OPENSUSE-SU-2020:0010-1
OPENSUSE-SU-2020:0086-1
OPENSUSE-SU-2020_0086-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:10681-1
OPENSUSE-SU-2024:10748-1
OPENSUSE-SU-2024:11284-1
OPENSUSE-SU-2024:12948-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:3193
RHSA-2019:3196
RHSA-2019:3210
RHSA-2019:3237
RHSA-2019:3756
RHSA-2019_3193
RHSA-2019_3196
RHSA-2019_3210
RHSA-2019_3237
RHSA-2019_3756
RHSA-2020:2644
RHSA-2020:3952
RHSA-2020:4484
RHSA-2020_3952
RHSA-2020_4484
RLSA-2020:4484
SUSE-SU-2019:14246-1
SUSE-SU-2019:2429-1
SUSE-SU-2019:2440-1
SUSE-SU-2019:2871-1
SUSE-SU-2019:2872-1
SUSE-SU-2019:2912-1
SUSE-SU-2019_14246-1
SUSE-SU-2019_2429-1
SUSE-SU-2019_2440-1
SUSE-SU-2020:0114-1
SUSE-SU-2020:0302-1
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1
USN-4132-1
USN-4132-2
USN-4165-1
USN-4165-2
USN-4202-1
USN-4202-2
USN-4335-1
USN-4852-1
USN-5455-1
USN-7199-1

Affected Products

Alt Linux
Centos
Debian
Google Chrome
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu
Itunes
Libexpat