Shang-Hung Wan discovered that Expat did not properly handle certain function calls when a negative input length was provided. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat did properly handle the potential for an integer overflow on 32-bit platforms. An attacker could use this issue to cause a denial of service or possibly execute arbitrary code. (CVE-2024-45491, CVE-2024-45492)
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libexpat1-dev": "2.1.0-4ubuntu1.4+esm9", "expat-dbgsym": "2.1.0-4ubuntu1.4+esm9", "lib64expat1-dev": "2.1.0-4ubuntu1.4+esm9", "libexpat1": "2.1.0-4ubuntu1.4+esm9", "libexpat1-dbgsym": "2.1.0-4ubuntu1.4+esm9", "libexpat1-udeb": "2.1.0-4ubuntu1.4+esm9", "expat": "2.1.0-4ubuntu1.4+esm9", "libexpat1-udeb-dbgsym": "2.1.0-4ubuntu1.4+esm9", "lib64expat1": "2.1.0-4ubuntu1.4+esm9", "lib64expat1-dbgsym": "2.1.0-4ubuntu1.4+esm9" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libexpat1-dev": "2.1.0-7ubuntu0.16.04.5+esm9", "expat-dbgsym": "2.1.0-7ubuntu0.16.04.5+esm9", "lib64expat1-dev": "2.1.0-7ubuntu0.16.04.5+esm9", "libexpat1": "2.1.0-7ubuntu0.16.04.5+esm9", "libexpat1-dbgsym": "2.1.0-7ubuntu0.16.04.5+esm9", "libexpat1-udeb": "2.1.0-7ubuntu0.16.04.5+esm9", "expat": "2.1.0-7ubuntu0.16.04.5+esm9", "libexpat1-udeb-dbgsym": "2.1.0-7ubuntu0.16.04.5+esm9", "lib64expat1": "2.1.0-7ubuntu0.16.04.5+esm9", "lib64expat1-dbgsym": "2.1.0-7ubuntu0.16.04.5+esm9" } ] }
{ "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro", "binaries": [ { "libexpat1-dev": "2.2.5-3ubuntu0.9+esm1", "expat": "2.2.5-3ubuntu0.9+esm1", "expat-dbgsym": "2.2.5-3ubuntu0.9+esm1", "libexpat1-udeb": "2.2.5-3ubuntu0.9+esm1", "libexpat1": "2.2.5-3ubuntu0.9+esm1", "libexpat1-dbgsym": "2.2.5-3ubuntu0.9+esm1" } ] }