CVE-2022-43680

Published: Oct 24, 2022

Modified: May 30, 2025

PUBLISHED

Description

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/libexpat/libexpat/pull/650

https://github.com/libexpat/libexpat/issues/649

https://github.com/libexpat/libexpat/pull/616

[debian-lts-announce] 20221028 [SECURITY] [DLA 3165-1] expat security update

mailing-list

DSA-5266

vendor-advisory

GLSA-202210-38

vendor-advisory

FEDORA-2022-ae2559a8f4

vendor-advisory

FEDORA-2022-3cf0e7ebc7

vendor-advisory

FEDORA-2022-f3a939e960

vendor-advisory

FEDORA-2022-5f1e2e9016

vendor-advisory

FEDORA-2022-49db80f821

vendor-advisory

FEDORA-2022-c43235716e

vendor-advisory

https://security.netapp.com/advisory/ntap-20221118-0007/

[oss-security] 20231228 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat

mailing-list

[oss-security] 20240103 CVE-2022-43680: Apache OpenOffice: "Use after free" fixed in libexpat

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-43680

Description

Affected Products

References