PT-2022-6576 · Libexpat+12

Rhodri James · Published 2022-09-14 · Updated 2026-04-01 · CVE-2022-40674

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.4.9

Description: The issue is related to a use-after-free vulnerability in the doContent function of the xmlparse.c file in the libexpat XML parsing library. This vulnerability can be exploited by a remote attacker to execute arbitrary code.

Recommendations: For versions prior to 2.4.9, update to version 2.4.9 or later to resolve the issue. As a temporary workaround, consider disabling the doContent function in xmlparse.c until a patch is available. Restrict access to the xmlparse.c module to minimize the risk of exploitation.

Fix

DoS

Use After Free

Weakness Enumeration

Related Identifiers

ALSA-2022:6838
ALSA-2022:6878
ALSA-2022:7020
ALSA-2022:7023
ALSA-2022:7024
ALSA-2022:7026
ALSA-2023:3068
ALT-PU-2022-2668
ALT-PU-2022-3090
ALT-PU-2022-3270
ALT-PU-2023-4107
ALT-PU-2023-4120
ALT-PU-2023-4144
AZL-10921
BDU:2023-02596
CESA-2022_6834
CESA-2022_6878
CESA-2022_7023
CESA-2022_7024
CESA-2023_3068
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2022-40674
DLA-3119-1
DSA-5236-1
INFSA-2023_3068
MGASA-2022-0352
MGASA-2022-0397
MGASA-2022-0399
OESA-2022-1932
OESA-2022-2019
OPENSUSE-SU-2022_3489-1
OPENSUSE-SU-2022_3597-1
OPENSUSE-SU-2024:12359-1
OPENSUSE-SU-2024:12518-1
OPENSUSE-SU-2024:14572-1
RHSA-2022:6831
RHSA-2022:6832
RHSA-2022:6833
RHSA-2022:6834
RHSA-2022:6838
RHSA-2022:6878
RHSA-2022:6921
RHSA-2022:6967
RHSA-2022:6995
RHSA-2022:6996
RHSA-2022:6997
RHSA-2022:6998
RHSA-2022:7019
RHSA-2022:7020
RHSA-2022:7021
RHSA-2022:7022
RHSA-2022:7023
RHSA-2022:7024
RHSA-2022:7025
RHSA-2022:7026
RHSA-2022:8598
RHSA-2022_6834
RHSA-2022_6838
RHSA-2022_6878
RHSA-2022_6921
RHSA-2022_6967
RHSA-2022_6997
RHSA-2022_6998
RHSA-2022_7020
RHSA-2022_7023
RHSA-2022_7024
RHSA-2022_7026
RHSA-2023:3068
RHSA-2023_3068
RLSA-2022:6838
RLSA-2022:6878
RLSA-2022:7023
RLSA-2022:7024
ROSA-SA-2023-2166
ROSA-SA-2023-2168
SUSE-SU-2022:3466-1
SUSE-SU-2022:3489-1
SUSE-SU-2022:3597-1
SUSE-SU-2022_3466-1
SUSE-SU-2022_3489-1
SUSE-SU-2022_3597-1
USN-5638-1
USN-5638-2
USN-5638-4
USN-5726-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libexpat