PT-2022-1582 · Expat+12 · Expat+12

Published

2022-01-08

·

Updated

2026-04-01

·

CVE-2022-22824

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Expat versions prior to 2.4.3
Description The issue is related to an integer overflow in the defineAttribute function of the xmlparse.c file in the Expat library. This could allow a remote attacker to cause a denial of service. There is also a mention of a potential for arbitrary code execution on the system by exploiting this integer overflow, possibly by persuading a victim to open a specially crafted file.
Recommendations For versions prior to 2.4.3, update to version 2.4.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the defineAttribute function in xmlparse.c until a patch is available.

Fix

DoS

Integer Overflow

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2022:0951
ALSA-2022:7692
ALT-PU-2022-1072
ALT-PU-2022-1130
ALT-PU-2022-1176
ALT-PU-2023-4107
AZL-7158
BDU:2022-00800
CESA-2022_0818
CESA-2022_0824
CESA-2022_0845
CESA-2022_0850
CESA-2022_0951
CESA-2022_1069
CESA-2022_7692
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2022-22824
DLA-2904-1
DSA-5073-1
MGASA-2022-0031
OESA-2022-1490
OESA-2023-1454
OESA-2023-1455
OPENSUSE-SU-2022:0178-1
OPENSUSE-SU-2022_0178-1
OPENSUSE-SU-2024:11762-1
RHSA-2022:0818
RHSA-2022:0824
RHSA-2022:0845
RHSA-2022:0850
RHSA-2022:0951
RHSA-2022:1069
RHSA-2022:7692
RHSA-2022_0818
RHSA-2022_0824
RHSA-2022_0845
RHSA-2022_0850
RHSA-2022_0951
RHSA-2022_1069
RHSA-2022_7692
RLSA-2022:0951
RLSA-2022:7692
SUSE-SU-2022:0178-1
SUSE-SU-2022:0179-1
SUSE-SU-2022:14878-1
USN-5288-1
USN-5455-1
USN-7199-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Expat
Ibm Aix
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu