Vulnerability CVE-2019-15903: Information

Description

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Severity: HIGH (7.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: Sept. 4, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-125, CWE-776

Fixed packages

Package name  | Branch   | Fixed in version        | Version from repository   | Errata ID           | Task # | State
------------- | -------- | ----------------------- | ------------------------- | ------------------- | ------ | -----
chromium      | sisyphus | 78.0.3904.97-alt1       | 124.0.6367.207-alt1       | ALT-PU-2019-3112-1  | 240509 | Fixed
chromium      | p10      | 78.0.3904.97-alt1       | 119.0.6045.159-alt0.p10.1 | ALT-PU-2019-3112-1  | 240509 | Fixed
chromium      | p9       | 79.0.3945.79-alt1       | 97.0.4692.99-alt0.p9.1    | ALT-PU-2020-1050-1  | 243936 | Fixed
chromium      | c10f1    | 78.0.3904.97-alt1       | 110.0.5481.177-alt1.p10.1 | ALT-PU-2019-3112-1  | 240509 | Fixed
chromium      | c9f2     | 79.0.3945.79-alt1       | 84.0.4147.105-alt1.1.p9   | ALT-PU-2020-1050-1  | 243936 | Fixed
chromium-gost | sisyphus | 80.0.3987.132-alt1      | 124.0.6367.78-alt1        | ALT-PU-2020-1707-1  | 249793 | Fixed
chromium-gost | p10      | 80.0.3987.132-alt1      | 110.0.5481.177-alt1.p10.1 | ALT-PU-2020-1707-1  | 249793 | Fixed
chromium-gost | p9       | 83.0.4103.61-alt2.M90P.1 | 96.0.4664.45-alt2.p9.1   | ALT-PU-2020-2441-1  | 255237 | Fixed
chromium-gost | c10f1    | 80.0.3987.132-alt1      | 110.0.5481.177-alt1.p10.1 | ALT-PU-2020-1707-1  | 249793 | Fixed
chromium-gost | c9f2     | 83.0.4103.61-alt2.M90P.1 | 96.0.4664.45-alt2.c9.1   | ALT-PU-2020-2441-1  | 255237 | Fixed
expat         | sisyphus | 2.2.9-alt1              | 2.5.0-alt1                | ALT-PU-2020-2053-1  | 252464 | Fixed
expat         | p10      | 2.2.9-alt1              | 2.5.0-alt1                | ALT-PU-2020-2053-1  | 252464 | Fixed
expat         | p9       | 2.2.10-alt1             | 2.4.3-alt1                | ALT-PU-2020-3273-1  | 261554 | Fixed
expat         | c10f1    | 2.2.9-alt1              | 2.5.0-alt1                | ALT-PU-2020-2053-1  | 252464 | Fixed
expat         | c9f2     | 2.2.10-alt1             | 2.5.0-alt1                | ALT-PU-2020-3264-1  | 261553 | Fixed
firefox       | sisyphus | 70.0.1-alt1             | 126.0-alt1                | ALT-PU-2019-3087-1  | 240250 | Fixed
firefox       | p10      | 70.0.1-alt1             | 118.0.2-alt0.p10.1        | ALT-PU-2019-3087-1  | 240250 | Fixed
firefox       | p9       | 72.0.2-alt0.1.p9        | 105.0.1-alt0.c9.1         | ALT-PU-2020-1617-1  | 245893 | Fixed
firefox       | c10f1    | 70.0.1-alt1             | 112.0.2-alt0.p10.1        | ALT-PU-2019-3087-1  | 240250 | Fixed
firefox       | c9f2     | 72.0.2-alt0.1.p9        | 105.0.1-alt0.c9.1         | ALT-PU-2020-1617-1  | 245893 | Fixed
firefox-esr   | sisyphus | 68.2.0-alt1             | 115.11.0-alt1             | ALT-PU-2019-3056-1  | 239816 | Fixed
firefox-esr   | p10      | 68.2.0-alt1             | 115.10.0-alt1             | ALT-PU-2019-3056-1  | 239816 | Fixed
firefox-esr   | p9       | 68.2.0-alt1             | 102.11.0-alt0.c9.1        | ALT-PU-2019-3106-1  | 240257 | Fixed
firefox-esr   | p8       | 68.2.0-alt0.M80P.1      | 68.4.1-alt0.M80P.1        | ALT-PU-2019-3218-1  | 242089 | Fixed
firefox-esr   | c10f1    | 68.2.0-alt1             | 115.9.1-alt0.c10.1        | ALT-PU-2019-3056-1  | 239816 | Fixed
firefox-esr   | c9f2     | 68.2.0-alt1             | 102.12.0-alt0.c9.1        | ALT-PU-2019-3106-1  | 240257 | Fixed
poco          | sisyphus | 1.9.4-alt1              | 1.12.5p1-alt1             | ALT-PU-2019-2740-1  | 237722 | Fixed
poco          | p10      | 1.9.4-alt1              | 1.12.4-alt2               | ALT-PU-2019-2740-1  | 237722 | Fixed
poco          | p9       | 1.9.4-alt1              | 1.9.4-alt1                | ALT-PU-2019-2751-2  | 237870 | Fixed
poco          | c10f1    | 1.9.4-alt1              | 1.12.4-alt2               | ALT-PU-2019-2740-1  | 237722 | Fixed
poco          | c9f2     | 1.9.4-alt1              | 1.9.4-alt1                | ALT-PU-2019-2751-2  | 237870 | Fixed
python        | sisyphus | 2.7.17-alt1             | 2.7.18-alt11              | ALT-PU-2019-3103-1  | 240064 | Fixed
python        | p10      | 2.7.17-alt1             | 2.7.18-alt10              | ALT-PU-2019-3103-1  | 240064 | Fixed
python        | c10f1    | 2.7.17-alt1             | 2.7.18-alt10              | ALT-PU-2019-3103-1  | 240064 | Fixed
python        | c9f2     | 2.7.18-alt0.M90P.1      | 2.7.18-alt0.MC9.1         | ALT-PU-2020-3318-1  | 261853 | Fixed
python3       | sisyphus | 3.8.1-alt1              | 3.12.2-alt1               | ALT-PU-2020-1434-1  | 245000 | Fixed
python3       | p10      | 3.8.1-alt1              | 3.9.18-alt1               | ALT-PU-2020-1434-1  | 245000 | Fixed
python3       | p9       | 3.7.11-alt1             | 3.7.17-alt1               | ALT-PU-2021-2653-1  | 273501 | Fixed
python3       | c10f1    | 3.8.1-alt1              | 3.9.18-alt0.c10f1.1       | ALT-PU-2020-1434-1  | 245000 | Fixed
python3       | c9f2     | 3.7.17-alt1             | 3.7.17-alt1               | ALT-PU-2024-3474-2  | 342077 | Fixed
thunderbird   | sisyphus | 68.4.2-alt1             | 115.9.0-alt1              | ALT-PU-2020-1166-1  | 243898 | Fixed
thunderbird   | p10      | 68.4.2-alt1             | 115.9.0-alt1              | ALT-PU-2020-1166-1  | 243898 | Fixed
thunderbird   | p9       | 68.6.0-alt1             | 102.11.0-alt0.c9.1        | ALT-PU-2020-1515-1  | 245787 | Fixed
thunderbird   | c10f1    | 68.4.2-alt1             | 115.9.0-alt0.c10.1        | ALT-PU-2020-1166-1  | 243898 | Fixed
thunderbird   | c9f2     | 68.6.0-alt1             | 102.11.0-alt0.c9.1        | ALT-PU-2020-1515-1  | 245787 | Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/libexpat/libexpat/pull/318
  • Issue Tracking
  • Patch
  • Third Party Advisory
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
  • Patch
  • Third Party Advisory
https://github.com/libexpat/libexpat/issues/317
  • Exploit
  • Issue Tracking
  • Third Party Advisory
USN-4132-1
  • Third Party Advisory
https://github.com/libexpat/libexpat/issues/342
  • Third Party Advisory
20190917 [slackware-security] expat (SSA:2019-259-01)
  • Mailing List
  • Third Party Advisory
http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html
  • Third Party Advisory
  • VDB Entry
USN-4132-2
  • Third Party Advisory
DSA-4530
  • Third Party Advisory
20190923 [SECURITY] [DSA 4530-1] expat security update
  • Mailing List
  • Third Party Advisory
https://security.netapp.com/advisory/ntap-20190926-0004/
  • Third Party Advisory
openSUSE-SU-2019:2205
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2204
  • Mailing List
  • Third Party Advisory
20191021 [slackware-security] python (SSA:2019-293-01)
  • Mailing List
  • Third Party Advisory
http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html
  • Third Party Advisory
  • VDB Entry
http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html
  • Third Party Advisory
  • VDB Entry
USN-4165-1
  • Third Party Advisory
DSA-4549
  • Third Party Advisory
RHSA-2019:3237
  • Third Party Advisory
RHSA-2019:3210
  • Third Party Advisory
20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2420
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2424
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2425
  • Mailing List
  • Third Party Advisory
RHSA-2019:3756
  • Third Party Advisory
openSUSE-SU-2019:2447
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2459
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2464
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2451
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:2452
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
  • Mailing List
  • Third Party Advisory
20191118 [SECURITY] [DSA 4571-1] thunderbird security update
  • Mailing List
  • Third Party Advisory
DSA-4571
  • Third Party Advisory
[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
  • Mailing List
  • Third Party Advisory
GLSA-201911-08
  • Third Party Advisory
USN-4202-1
  • Third Party Advisory
https://support.apple.com/kb/HT210788
  • Third Party Advisory
https://support.apple.com/kb/HT210785
  • Third Party Advisory
https://support.apple.com/kb/HT210790
  • Third Party Advisory
https://support.apple.com/kb/HT210789
  • Third Party Advisory
20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
  • Mailing List
  • Third Party Advisory
20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • Mailing List
  • Third Party Advisory
20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
  • Mailing List
  • Third Party Advisory
https://support.apple.com/kb/HT210793
  • Third Party Advisory
https://support.apple.com/kb/HT210795
  • Third Party Advisory
https://support.apple.com/kb/HT210794
  • Third Party Advisory
20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
  • Mailing List
  • Third Party Advisory
20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • Mailing List
  • Third Party Advisory
20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
  • Mailing List
  • Third Party Advisory
20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:0010
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:0086
  • Mailing List
  • Third Party Advisory
N/A
  • Third Party Advisory
USN-4335-1
  • Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2020.html
  • Third Party Advisory
https://www.tenable.com/security/tns-2021-11
  • Third Party Advisory
FEDORA-2019-613edfe68b
FEDORA-2019-9505c6b555
FEDORA-2019-672ae0f060

Affected configurations (CPE)

Configuration 1

  cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
  End excluding: 2.2.8

Configuration 2

  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including: 3.5.0
  End excluding: 3.5.8

  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including: 2.7.0
  End excluding: 2.7.17

  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including: 3.7.0
  End excluding: 3.7.5

  cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
  Start including: 3.6.0
  End excluding: 3.6.10