Funtoo Linux / FL-10547

dev-libs/expat-2.4.3 - multiple vulnerabilities

    • Security Vulnerability
    • Resolution: Fixed
    • Severe (Users)
    • security impact.

      {"id":"CVE-2022-25315","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25315","https://github.com/libexpat/libexpat/pull/559","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-40674","is_known_exploited_vuln":false,"tickets":[],"description":"libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-40674","https://github.com/libexpat/libexpat/pull/629","https://github.com/libexpat/libexpat/pull/640","https://www.debian.org/security/2022/dsa-5236","https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html"]}
      {"id":"CVE-2022-25313","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25313","https://github.com/libexpat/libexpat/pull/558","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-25235","is_known_exploited_vuln":false,"tickets":[],"description":"xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25235","https://github.com/libexpat/libexpat/pull/562","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-25314","is_known_exploited_vuln":false,"tickets":[],"description":"In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25314","https://github.com/libexpat/libexpat/pull/560","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-25236","is_known_exploited_vuln":false,"tickets":[],"description":"xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-25236","https://github.com/libexpat/libexpat/pull/561","http://www.openwall.com/lists/oss-security/2022/02/19/1","https://www.debian.org/security/2022/dsa-5085","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3UFRBA3UQVIQKXTBUQXDWQOVWNBKLERU/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y27XO3JMKAOMQZVPS3B4MJGEAHCZF5OM/","https://security.netapp.com/advisory/ntap-20220303-0008/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","http://packetstormsecurity.com/files/167238/Zoom-XMPP-Stanza-Smuggling-Remote-Code-Execution.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-23852","is_known_exploited_vuln":false,"tickets":[],"description":"Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-23852","https://github.com/libexpat/libexpat/pull/550","https://www.tenable.com/security/tns-2022-05","https://www.debian.org/security/2022/dsa-5073","https://security.netapp.com/advisory/ntap-20220217-0001/","https://lists.debian.org/debian-lts-announce/2022/03/msg00007.html","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      {"id":"CVE-2022-23990","is_known_exploited_vuln":false,"tickets":[],"description":"Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.","urls":["https://nvd.nist.gov/vuln/detail/CVE-2022-23990","https://github.com/libexpat/libexpat/pull/551","https://www.tenable.com/security/tns-2022-05","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R7FF2UH7MPXKTADYSJUAHI2Y5UHBSHUH/","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34NXVL2RZC2YZRV74ZQ3RNFB7WCEUP7D/","https://www.debian.org/security/2022/dsa-5073","https://www.oracle.com/security-alerts/cpuapr2022.html","https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf"]}
      
      $ equery d dev-libs/expat
       * These packages depend on dev-libs/expat:
      app-arch/libarchive-3.6.1 (expat ? dev-libs/expat[-mgorny(-)])
      app-office/libreoffice-bin-7.4.1.2 (dev-libs/expat)
      dev-lang/python-3.7.14 (xml ? >=dev-libs/expat-2.1)
      dev-lang/python-3.9.14 (xml ? >=dev-libs/expat-2.1)
      dev-libs/dbus-glib-0.110 (>=dev-libs/expat-2.1.0-r3[-mgorny(-)])
      dev-libs/wayland-1.21.0 (>=dev-libs/expat-2.1.0-r3)
      dev-perl/XML-Parser-2.440.0 (>=dev-libs/expat-1.95.1-r1)
      dev-util/cmake-3.19.7 (>=dev-libs/expat-2.0.1)
      dev-util/wayland-scanner-1.21.0 (>=dev-libs/expat-2.1.0-r3)
      dev-vcs/git-2.37.3 (webdav ? dev-libs/expat)
      media-gfx/exiv2-0.27.5-r1 (xmp ? dev-libs/expat[-mgorny(-)])
      media-gfx/graphviz-2.44.1 (>=dev-libs/expat-2)
      media-libs/fontconfig-2.13.0-r4 (>=dev-libs/expat-2.1.0-r3[-mgorny(-)])
      media-libs/libwmf-0.2.8.4-r7 (expat ? dev-libs/expat)
      media-libs/mesa-22.0.1 (>=dev-libs/expat-2.1.0-r3)
      net-dns/avahi-0.8 (dev-libs/expat)
      net-im/discord-bin-0.0.20 (dev-libs/expat)
      net-im/slack-bin-4.28.182 (dev-libs/expat:0[-mgorny(-)])
      net-libs/neon-0.30.2 (expat ? dev-libs/expat:0[-mgorny(-)])
      sys-apps/dbus-1.12.20 (>=dev-libs/expat-2.1.0)
                            (dev-libs/expat)
      sys-auth/polkit-0.119-r4 (dev-libs/expat)
      sys-block/thin-provisioning-tools-0.8.5 (!static ? dev-libs/expat)
                                              (static ? dev-libs/expat[static-libs(+)])
      sys-devel/gettext-0.20.1 (dev-libs/expat)
      www-client/google-chrome-105.0.5195.125 (dev-libs/expat)
      

            coffnix
            mrl5