Home
Packages
Report
Policy
Login
Signup
« List of all CVEs
CVE-2022-40674
Published:
9/14/2022
Last updated:
5/30/2025
Reserved:
9/14/2022
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CNA assigner:
mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca)
Requested by:
n/a
Metrics
Version
Score
Severity
Vector String
3.1
8.1
High
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Opam packages affected (4)
conf-expat
conf-gtk2
conf-gtk3
ocaml-expat
Products affected (1)
Product
Vendor
Version
n/a
n/a
<= 1.5.2
References (24)
https://github.com/libexpat/libexpat/pull/629
https://github.com/libexpat/libexpat/pull/640
https://www.debian.org/security/2022/dsa-5236
https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
https://security.gentoo.org/glsa/202209-24
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
https://security.netapp.com/advisory/ntap-20221028-0008/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
https://security.gentoo.org/glsa/202211-06
https://github.com/libexpat/libexpat/pull/629
https://github.com/libexpat/libexpat/pull/640
https://www.debian.org/security/2022/dsa-5236
https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html
https://security.gentoo.org/glsa/202209-24
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2ZKEPGFCZ7R6DRVH3K6RBJPT42ZBEG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J2IGJNHFV53PYST7VQV3T4NHVYAMXA36/
https://security.netapp.com/advisory/ntap-20221028-0008/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSVZN3IJ6OCPSJL7AEX3ZHSHAHFOGESK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCGBVQQ47URGJAZWHCISHDWF6QBTV2LE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQB6FJAM5YQ35SF5B2MN25Y2FX56EOEZ/
https://security.gentoo.org/glsa/202211-06