UbuntuUpdates.org

Package "libexpat1"

Name: libexpat1

Description:

XML parsing C library - runtime library
Latest version: 2.4.7-1ubuntu0.7
Release: jammy (22.04)
Level: updates
Repository: main
Head package: expat
Homepage: https://libexpat.github.io/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libexpat1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libexpat1" in Jammy

Repository Area Version
base main 2.4.7-1
security main 2.4.7-1ubuntu0.7

Changelog

Version: 2.4.7-1ubuntu0.7 2026-02-11 09:08:06 UTC

  expat (2.4.7-1ubuntu0.7) jammy-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2026-24515.patch: updates
      XML_ExternalEntityParserCreate to copy unknown encoding handler user
      data in expat/lib/xmlparse.c.
    - CVE-2026-24515
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2026-25210*.patch: adds an integer overflow check for
      tag buffer reallocation in the doContent function of
      expat/lib/xmlparse.c.
    - CVE-2026-25210

 -- Ian Constantin <email address hidden> Wed, 04 Feb 2026 17:24:04 +0200
Source diff to previous version
CVE-2026-24515 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-25210 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for t

Version: 2.4.7-1ubuntu0.6 2025-04-08 13:07:46 UTC

  expat (2.4.7-1ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via stack overflow
    - debian/patches/CVE-2024-8176-pre.patch: Remove XML_DTD guards
      before is_param accesses
    - debian/patches/CVE-2024-8176-test-pre-1.patch: minicheck: Add
      fail_unless() macro
    - debian/patches/CVE-2024-8176-test-pre-2.patch: tests: Rename
      _fail_unless to _assert_true for clarity
    - debian/patches/CVE-2024-8176-test-pre-3.patch: minicheck: Add
      simple subtest support
    - debian/patches/CVE-2024-8176-1.patch: Resolve the recursion during
      entity processing to prevent stack overflow
    - debian/patches/CVE-2024-8176-2.patch: Stop updating event pointer
      on exit for reentry
    - CVE-2024-8176

 -- Vyom Yadav <email address hidden> Mon, 07 Apr 2025 20:07:15 +0530
Source diff to previous version
CVE-2024-8176 A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an

Version: 2.4.7-1ubuntu0.5 2024-12-10 02:06:53 UTC

  expat (2.4.7-1ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service via XML_ResumeParser
    - debian/patches/CVE-2024-50602-1.patch: Make function XML_StopParser of
      expat/lib/xmlparse.c refuse to stop/suspend an unstarted parser
    - debian/patches/CVE-2024-50602-2.patch: Add XML_PARSING case to parser
      state in function XML_StopParser of expat/lib/xmlparse.c
    - debian/patches/CVE-2024-50602-3.patch: Add tests for CVE-2024-50602 to
      expat/tests/runtests.c
    - CVE-2024-50602

 -- Nicolas Campuzano Jimenez <email address hidden> Sun, 01 Dec 2024 15:51:42 -0500
Source diff to previous version
CVE-2024-50602 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an un

Version: 2.4.7-1ubuntu0.4 2024-09-17 16:07:00 UTC

  expat (2.4.7-1ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: invalid input length
    - CVE-2024-45490-*.patch: adds a check to the XML_ParseBuffer function of
      expat/lib/xmlparse.c to identify and error out if a negative length is
      provided.
    - CVE-2024-45490
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45491.patch: adds a check to the dtdCopy function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45491
  * SECURITY UPDATE: integer overflow
    - CVE-2024-45492.patch: adds a check to the nextScaffoldPart function of
      expat/lib/xmlparse.c to detect and prevent an integer overflow.
    - CVE-2024-45492

 -- Ian Constantin <email address hidden> Tue, 10 Sep 2024 13:17:45 +0300
Source diff to previous version
CVE-2024-45490 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-45491 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT
CVE-2024-45492 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (wh

Version: 2.4.7-1ubuntu0.3 2024-03-14 15:06:56 UTC

  expat (2.4.7-1ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2023-52425.patch: Speed up parsing of big tokens.
    - CVE-2023-52425
  * SECURITY UPDATE: denial-of-service
    - debian/patches/CVE-2024-28757.patch: Detect billion laughs attack with
      isolated external parser.
    - CVE-2024-28757

 -- Fabian Toepfer <email address hidden> Wed, 13 Mar 2024 14:28:54 +0100
CVE-2023-52425 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for w
CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCrea


About   -   Send Feedback to @ubuntu_updates