Vulnerabilities in the Expat library leading to code execution when processing XML data

The Expat 2.4.5 library, which is used to parse the XML format in many projects, including Apache httpd, OpenOffice, LibreOffice, Firefox, Chromium, Python, and Wayland, fixes five dangerous vulnerabilities, four of which could potentially allow arbitrary code execution when an application using libexpat processes specially crafted XML data. Working exploits are reported to exist for two of the vulnerabilities. The release of package updates can be tracked on the Debian, SUSE, Ubuntu, RHEL, Fedora, Gentoo, and Arch Linux security pages.

Identified vulnerabilities:

  • CVE-2022-25235 - Buffer overflow caused by incorrect validation of Unicode character encoding, which can lead to code execution (an exploit exists) when processing specially formatted sequences of 2- and 3-byte UTF-8 characters in XML tag names.
  • CVE-2022-25236 - Namespace separator characters could be injected through "xmlns[:prefix]" attribute values (URIs). The vulnerability allows code execution when processing attacker-supplied data (an exploit exists).
  • CVE-2022-25313 - Stack exhaustion while parsing the "doctype" block (DTD) of a file larger than 2MB that contains a very large number of opening brackets. It is possible that the vulnerability could be used to execute arbitrary code on the system.
  • CVE-2022-25315 - An integer overflow in the storeRawNames function that only occurs on 64-bit systems and requires gigabytes of data to be processed. It is possible that the vulnerability could be used to execute arbitrary code on the system.
  • CVE-2022-25314 - An integer overflow in the copyString function that only occurs on 64-bit systems and requires gigabytes of data to be processed. The problem can lead to a denial of service.
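Two checks a defender would want from the list above are (a) whether the libexpat an application is linked against is at least 2.4.5, and (b) a way to refuse the input shapes the DTD and size-related entries describe before they reach the parser. The following is an added example using Python's xml.parsers.expat binding (it is not code from the article or from the Expat project); the 1 MiB limit and the "reject any DOCTYPE" policy are constructed choices for illustration, and the sample XML strings are constructed too.

```python
"""Defensive checks around libexpat for untrusted XML (added example, not from the article)."""
import xml.parsers.expat as expat
from xml.parsers.expat import ExpatError

# Release that, per the article, fixes the five listed CVEs.
FIXED_VERSION = (2, 4, 5)

# Constructed policy limit: well below the 2 MB size the DTD stack-exhaustion entry cites.
MAX_XML_BYTES = 1 * 1024 * 1024


class DoctypeRejected(ValueError):
    """Input contained a <!DOCTYPE ...> block, which this policy refuses outright."""


class OversizedInput(ValueError):
    """Input exceeded the configured byte limit before parsing started."""


def linked_expat_version():
    """Return the (major, minor, micro) tuple of the libexpat this Python interpreter uses."""
    return tuple(expat.version_info)


def expat_is_patched(version=None):
    """True when the given (or linked) libexpat version is 2.4.5 or newer."""
    v = tuple(version) if version is not None else linked_expat_version()
    return v >= FIXED_VERSION


def parse_untrusted(data: bytes, max_bytes: int = MAX_XML_BYTES):
    """Parse untrusted XML and return the element names in document order.

    Raises OversizedInput if the payload is too large, DoctypeRejected if a DTD is
    present (the handler raises before the DTD body is processed), and ExpatError
    for malformed XML as usual.
    """
    if len(data) > max_bytes:
        raise OversizedInput(f"{len(data)} bytes exceeds limit of {max_bytes}")

    elements = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Exceptions raised inside an expat handler propagate out of Parse().
        raise DoctypeRejected(f"DOCTYPE '{name}' not permitted in untrusted input")

    def on_start(name, attributes):
        elements.append(name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    parser.Parse(data, True)
    return elements


def parse_verdict(data: bytes, max_bytes: int = MAX_XML_BYTES):
    """Classify an input as 'ok', 'oversized', 'doctype' or 'malformed' (convenience for logging/tests)."""
    try:
        parse_untrusted(data, max_bytes)
    except OversizedInput:
        return "oversized"
    except DoctypeRejected:
        return "doctype"
    except ExpatError:
        return "malformed"
    return "ok"


if __name__ == "__main__":
    print("linked libexpat:", ".".join(map(str, linked_expat_version())),
          "patched" if expat_is_patched() else "NOT patched (update to >= 2.4.5)")
    # Constructed sample inputs.
    print(parse_verdict(b"<a><b/></a>"))
    print(parse_verdict(b"<!DOCTYPE a [<!ELEMENT a EMPTY>]><a/>"))
    print(parse_verdict(b"<a>" * 10, max_bytes=8))
```

The version check reports the libexpat that the interpreter actually loaded, which on many systems is the distribution's shared library rather than a bundled copy, so it is the right thing to run after a package update. Rejecting the DOCTYPE at the handler level is stricter than needed for the listed CVEs, but it is the simplest way to keep large internal subsets away from the parser when the application never needs a DTD.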

    Source: opennet.ru
