james clark

Top products

The 15 most recently published vulnerabilities affecting james clark.

• CVE-2022-25314In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.7.5Feb 18, 2022
• CVE-2022-25315In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.9.8Feb 18, 2022
• CVE-2022-25313In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.6.5Feb 18, 2022
• CVE-2022-25235xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.9.8Feb 16, 2022
• CVE-2022-25236xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.9.8Feb 16, 2022
• CVE-2022-23990Expat (aka libexpat) before 2.4.4 has an integer overflow in the doProlog function.7.5Jan 26, 2022
• CVE-2022-22822addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.9.8Jan 8, 2022
• CVE-2022-22823build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.9.8Jan 8, 2022
• CVE-2022-22824defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.9.8Jan 8, 2022
• CVE-2022-22825lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.8.8Jan 8, 2022
• CVE-2022-22826nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.8.8Jan 8, 2022
• CVE-2022-22827storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.8.8Jan 8, 2022
• CVE-2021-46143In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.8.1Jan 6, 2022
• CVE-2021-45960In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing me...8.8Jan 1, 2022
• CVE-2019-15903In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColu...7.5Sep 4, 2019