CVE-2019-15903

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-15903
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15903.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-15903
Downstream
Related
Published
2019-09-04T06:15:10.877Z
Modified
2026-06-18T04:04:49.743054203Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XMLGetCurrentLineNumber (or XMLGetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

Affected packages

Git / github.com/libexpat/libexpat

Affected ranges

Type
GIT
Repo
https://github.com/libexpat/libexpat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
91b17cfeb8edf60ca23e33fe59ac231d0f2efb48
Fixed
c20b758c332d9a13afbbb276d30db1d183a85d43
Database specific 
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.8"
        }
    ],
    "cpe": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

Other
REC1_0
R_1_95_0
R_1_95_2
R_1_95_3
R_1_95_4
R_1_95_5
R_1_95_6
R_1_95_7
R_1_95_8
R_2_0_0
R_2_0_1
R_2_1_0
R_2_1_1
R_2_2_0
R_2_2_1
R_2_2_2
R_2_2_3
R_2_2_4
R_2_2_5
R_2_2_6
R_2_2_7
V1990307
V19981122
V19981231
V19990109
V19990425
V19990626
V19990709
V19990728
V19991013
V1_0
V1_1
V20000512
beta2
beta3
beta4
jclark-orig
libexpat-alpha-1
sourceforge_init
start

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15903.json"

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
c2f86d86e6c8f5fd1ef602128b537a48f3f5c063
Introduced
2e789a1f1d84b343a996e8654590703b5fbdd441
Fixed
ac39a516017c80993309f803441c8ee97c44838e
Introduced
5c4568a05a0a62b5947c55f68f9f2ecfb90a4f12
Fixed
02dff8b01100e7cd6d4c93be27202ccb4ea05811
Introduced
1bf9cc509326bc42cd8cb1650eb9bf64550d817e
Fixed
5c02a39a0b31a330e06b4d6f44835afb205dc7cc
Database specific 
{
    "extracted_events": [
        {
            "introduced": "2.7.0"
        },
        {
            "fixed": "2.7.17"
        },
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.8"
        },
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.10"
        },
        {
            "introduced": "3.7.0"
        },
        {
            "fixed": "3.7.5"
        }
    ],
    "cpe": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.6
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.10rc1
v2.7.11rc1
v2.7.12rc1
v2.7.13rc1
v2.7.15rc1
v2.7.16rc1
v2.7.17rc1
v2.7.1rc1
v2.7.2rc1
v2.7.3rc1
v2.7.4rc1
v2.7.5
v2.7.6rc1
v2.7.8
v2.7.9rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4
v3.4.0b1
v3.4.0b2
v3.4.0b3
v3.5.0a1
v3.5.0a2
v3.5.0a3
v3.5.0a4
v3.5.0b1
v3.5.0b3
v3.5.0b4
v3.5.0rc1
v3.5.0rc2
v3.5.0rc3
v3.5.1rc1
v3.5.2
v3.5.2rc1
v3.5.3
v3.5.3rc1
v3.5.4
v3.5.4rc1
v3.5.5
v3.5.5rc1
v3.5.6
v3.5.6rc1
v3.5.7
v3.5.7rc1
v3.5.8rc1
v3.5.8rc2
v3.6.0a3
v3.6.0b1
v3.6.0b3
v3.6.0b4
v3.6.0rc1
v3.6.10rc1
v3.6.2rc1
v3.6.6rc1
v3.6.8
v3.6.8rc1
v3.6.9
v3.6.9rc1
v3.7.0a2
v3.7.0b1
v3.7.0b2
v3.7.0b3
v3.7.0b4
v3.7.0b5
v3.7.0rc1
v3.7.2rc1
v3.7.3rc1

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15903.json"