CVE Catalog

CVE-2024-45491

Critical
Published: Translated: NVD NIST

Summary

An issue was discovered in libexpat before version 2.6.3 related to integer overflow in the dtdCopy function in xmlparse.c. This issue occurs on 32-bit platforms where UINT_MAX equals SIZE_MAX.

Risk Assessment

The integer overflow may lead to unexpected application behavior, creating a risk of exploitation by attackers. Organizations may face system crashes or unauthorized data access.

Recommendation

It is recommended to update libexpat to version 2.6.3 or newer to mitigate this vulnerability. Additionally, an audit of applications using this library should be conducted to minimize risk.

Original NVD description (English source)

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Vulnerability data from NVD (NIST) · CISA KEV · EPSS