CVE-2019-15903
Published: Sep 4, 2019
Modified: May 30, 2025
PUBLISHED
Description
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
USN-4132-1
vendor-advisory
x_refsource_UBUNTU
20190917 [slackware-security] expat (SSA:2019-259-01)
mailing-list
x_refsource_BUGTRAQ
USN-4132-2
vendor-advisory
x_refsource_UBUNTU
FEDORA-2019-613edfe68b
vendor-advisory
x_refsource_FEDORA
DSA-4530
vendor-advisory
x_refsource_DEBIAN
20190923 [SECURITY] [DSA 4530-1] expat security update
mailing-list
x_refsource_BUGTRAQ
FEDORA-2019-9505c6b555
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2019:2205
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2204
vendor-advisory
x_refsource_SUSE
FEDORA-2019-672ae0f060
vendor-advisory
x_refsource_FEDORA
20191021 [slackware-security] python (SSA:2019-293-01)
mailing-list
x_refsource_BUGTRAQ
USN-4165-1
vendor-advisory
x_refsource_UBUNTU
DSA-4549
vendor-advisory
x_refsource_DEBIAN
RHSA-2019:3210
vendor-advisory
x_refsource_REDHAT
RHSA-2019:3237
vendor-advisory
x_refsource_REDHAT
20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
mailing-list
x_refsource_BUGTRAQ
openSUSE-SU-2019:2420
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2424
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2425
vendor-advisory
x_refsource_SUSE
RHSA-2019:3756
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2019:2447
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2451
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2452
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2459
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2019:2464
vendor-advisory
x_refsource_SUSE
[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
mailing-list
x_refsource_MLIST
20191118 [SECURITY] [DSA 4571-1] thunderbird security update
mailing-list
x_refsource_BUGTRAQ
DSA-4571
vendor-advisory
x_refsource_DEBIAN
[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
mailing-list
x_refsource_MLIST
GLSA-201911-08
vendor-advisory
x_refsource_GENTOO
USN-4202-1
vendor-advisory
x_refsource_UBUNTU
20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
mailing-list
x_refsource_BUGTRAQ
20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
mailing-list
x_refsource_BUGTRAQ
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
mailing-list
x_refsource_BUGTRAQ
20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
mailing-list
x_refsource_FULLDISC
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
mailing-list
x_refsource_FULLDISC
20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
mailing-list
x_refsource_FULLDISC
20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
mailing-list
x_refsource_FULLDISC
openSUSE-SU-2020:0010
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:0086
vendor-advisory
x_refsource_SUSE
USN-4335-1
vendor-advisory
x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.html
x_refsource_MISC
https://github.com/libexpat/libexpat/issues/317
x_refsource_MISC
https://github.com/libexpat/libexpat/pull/318
x_refsource_MISC
https://github.com/libexpat/libexpat/issues/342
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190926-0004/
x_refsource_CONFIRM
https://support.apple.com/kb/HT210788
x_refsource_CONFIRM
https://support.apple.com/kb/HT210790
x_refsource_CONFIRM
https://support.apple.com/kb/HT210785
x_refsource_CONFIRM
https://support.apple.com/kb/HT210789
x_refsource_CONFIRM
https://support.apple.com/kb/HT210793
x_refsource_CONFIRM
https://support.apple.com/kb/HT210795
x_refsource_CONFIRM
https://support.apple.com/kb/HT210794
x_refsource_CONFIRM
https://www.tenable.com/security/tns-2021-11
x_refsource_CONFIRM