PT-2024-6340 · Libexpat+11

Taiyou · Published 2024-08-26 · Updated 2026-04-01 · CVE-2024-45491

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libexpat versions prior to 2.6.3

Description

libexpat contains an integer overflow in the dtdCopy() function in the xmlparse.c file. The issue can occur on 32-bit platforms and may allow a remote attacker to cause a denial of service or execute arbitrary code.

Recommendations

For libexpat versions prior to 2.6.3, update to version 2.6.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the dtdCopy() function in the xmlparse.c file until a patch is available.

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2024:6754
ALSA-2024:6989
ALSA-2024:8859
ALT-PU-2024-17539
AZL-48430
AZL-48454
BDU:2024-07376
BDU:2024-07377
CESA-2024_6989
CESA-2024_8859
CLEANSTART-2026-EM10970
CLEANSTART-2026-MH09144
CLEANSTART-2026-YT18139
CVE-2024-45491
DLA-3893-1
DSA-5770-1
INFSA-2024_6754
INFSA-2024_6989
INFSA-2024_8859
MGASA-2024-0294
MGASA-2024-0338
OESA-2024-2121
OESA-2024-2138
OPENSUSE-SU-2024:14322-1
OPENSUSE-SU-2024:14328-1
OPENSUSE-SU-2024:14379-1
OPENSUSE-SU-2024:14380-1
OPENSUSE-SU-2024:14381-1
OPENSUSE-SU-2024_3216-1
OPENSUSE-SU-2024_3538-1
OPENSUSE-SU-2024_3554-1
RHSA-2024:6754
RHSA-2024:6989
RHSA-2024:8859
RHSA-2024_6754
RHSA-2024_6989
RHSA-2024_8859
RLSA-2024:6754
RLSA-2024:6989
RLSA-2024:8859
SUSE-SU-2024:3182-1
SUSE-SU-2024:3216-1
SUSE-SU-2024:3515-1
SUSE-SU-2024:3538-1
SUSE-SU-2024:3554-1
SUSE-SU-2025:20045-1
SUSE-SU-2025:20207-1
SUSE-SU-2025:20311-1
SUSE-SU-2025:4512-1
SUSE-SU-2026:0044-1
USN-7000-1
USN-7000-2
USN-7001-1
USN-7001-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
IBM AIX
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
libexpat