ID CVE-2019-15903
Summary In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
Vulnerable Configurations
  • cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:-:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:1.95.8:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:libexpat_project:libexpat:2.2.7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-06-2021 - 23:15)
Impact:
Exploitability:
CWE CWE-776
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment firefox is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193193001
      • comment firefox is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100861006
    rhsa
    id RHSA-2019:3193
    released 2019-10-24
    severity Critical
    title RHSA-2019:3193: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment firefox is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196001
          • comment firefox is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100861006
        • AND
          • comment firefox-debugsource is earlier than 0:68.2.0-2.el8_0
            oval oval:com.redhat.rhsa:tst:20193196003
          • comment firefox-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190966004
    rhsa
    id RHSA-2019:3196
    released 2019-10-24
    severity Critical
    title RHSA-2019:3196: firefox security update (Critical)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • comment thunderbird is earlier than 0:68.2.0-1.el7_7
        oval oval:com.redhat.rhsa:tst:20193210001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3210
    released 2019-10-29
    severity Important
    title RHSA-2019:3210: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment thunderbird is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237001
          • comment thunderbird is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20100896002
        • AND
          • comment thunderbird-debugsource is earlier than 0:68.2.0-1.el8_0
            oval oval:com.redhat.rhsa:tst:20193237003
          • comment thunderbird-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20191144004
    rhsa
    id RHSA-2019:3237
    released 2019-10-29
    severity Important
    title RHSA-2019:3237: thunderbird security update (Important)
  • bugzilla
    id 1764446
    title CVE-2019-11764 Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • comment thunderbird is earlier than 0:68.2.0-2.el6_10
        oval oval:com.redhat.rhsa:tst:20193756001
      • comment thunderbird is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100896002
    rhsa
    id RHSA-2019:3756
    released 2019-11-06
    severity Important
    title RHSA-2019:3756: thunderbird security update (Important)
  • bugzilla
    id 1752592
    title CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment expat is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952001
          • comment expat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731002
        • AND
          • comment expat-devel is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952003
          • comment expat-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731004
        • AND
          • comment expat-static is earlier than 0:2.1.0-12.el7
            oval oval:com.redhat.rhsa:tst:20203952005
          • comment expat-static is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20162824009
    rhsa
    id RHSA-2020:3952
    released 2020-09-29
    severity Moderate
    title RHSA-2020:3952: expat security update (Moderate)
  • bugzilla
    id 1752592
    title CVE-2019-15903 expat: heap-based buffer over-read via crafted XML input
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment expat is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484001
          • comment expat is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731002
        • AND
          • comment expat-debugsource is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484003
          • comment expat-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20204484004
        • AND
          • comment expat-devel is earlier than 0:2.2.5-4.el8
            oval oval:com.redhat.rhsa:tst:20204484005
          • comment expat-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20120731004
    rhsa
    id RHSA-2020:4484
    released 2020-11-04
    severity Moderate
    title RHSA-2020:4484: expat security update (Moderate)
rpms
  • firefox-0:68.2.0-1.el7_7
  • firefox-debuginfo-0:68.2.0-1.el7_7
  • firefox-0:68.2.0-2.el8_0
  • firefox-debuginfo-0:68.2.0-2.el8_0
  • firefox-debugsource-0:68.2.0-2.el8_0
  • thunderbird-0:68.2.0-1.el7_7
  • thunderbird-debuginfo-0:68.2.0-1.el7_7
  • thunderbird-0:68.2.0-1.el8_0
  • thunderbird-debuginfo-0:68.2.0-1.el8_0
  • thunderbird-debugsource-0:68.2.0-1.el8_0
  • thunderbird-0:68.2.0-2.el6_10
  • thunderbird-debuginfo-0:68.2.0-2.el6_10
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-curl-debuginfo-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-debuginfo-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-devel-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-manual-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-selinux-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-httpd-tools-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el6
  • jbcs-httpd24-libcurl-devel-0:7.64.1-36.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el6
  • jbcs-httpd24-mod_cluster-native-debuginfo-0:1.3.14-4.Final_redhat_2.jbcs.el7
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el6
  • jbcs-httpd24-mod_http2-debuginfo-0:1.15.7-3.jbcs.el7
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-ap24-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-debuginfo-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el6
  • jbcs-httpd24-mod_jk-manual-0:1.2.48-4.redhat_1.jbcs.el7
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ldap-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el6
  • jbcs-httpd24-mod_md-debuginfo-1:2.0.8-24.jbcs.el7
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_proxy_html-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el6
  • jbcs-httpd24-mod_security-debuginfo-0:2.9.2-51.GA.jbcs.el7
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_session-0:2.4.37-57.jbcs.el7
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el6
  • jbcs-httpd24-mod_ssl-1:2.4.37-57.jbcs.el7
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-debuginfo-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el6
  • jbcs-httpd24-nghttp2-devel-0:1.39.2-25.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-0:0.4.10-7.jbcs.el7
  • jbcs-httpd24-openssl-pkcs11-debuginfo-0:0.4.10-7.jbcs.el7
  • expat-0:2.1.0-12.el7
  • expat-debuginfo-0:2.1.0-12.el7
  • expat-devel-0:2.1.0-12.el7
  • expat-static-0:2.1.0-12.el7
  • expat-0:2.2.5-4.el8
  • expat-debuginfo-0:2.2.5-4.el8
  • expat-debugsource-0:2.2.5-4.el8
  • expat-devel-0:2.2.5-4.el8
refmap via4
bugtraq
  • 20190917 [slackware-security] expat (SSA:2019-259-01)
  • 20190923 [SECURITY] [DSA 4530-1] expat security update
  • 20191021 [slackware-security] python (SSA:2019-293-01)
  • 20191101 [SECURITY] [DSA 4549-1] firefox-esr security update
  • 20191118 [SECURITY] [DSA 4571-1] thunderbird security update
  • 20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191211 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1
confirm
debian
  • DSA-4530
  • DSA-4549
  • DSA-4571
fedora
  • FEDORA-2019-613edfe68b
  • FEDORA-2019-672ae0f060
  • FEDORA-2019-9505c6b555
fulldisc
  • 20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3
  • 20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra
  • 20191213 APPLE-SA-2019-12-10-5 tvOS 13.3
  • 20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1
gentoo GLSA-201911-08
misc
mlist
  • [debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update
  • [debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update
suse
  • openSUSE-SU-2019:2204
  • openSUSE-SU-2019:2205
  • openSUSE-SU-2019:2420
  • openSUSE-SU-2019:2424
  • openSUSE-SU-2019:2425
  • openSUSE-SU-2019:2447
  • openSUSE-SU-2019:2451
  • openSUSE-SU-2019:2452
  • openSUSE-SU-2019:2459
  • openSUSE-SU-2019:2464
  • openSUSE-SU-2020:0010
  • openSUSE-SU-2020:0086
ubuntu
  • USN-4132-1
  • USN-4132-2
  • USN-4165-1
  • USN-4202-1
  • USN-4335-1
Last major update 15-06-2021 - 23:15
Published 04-09-2019 - 06:15
Last modified 15-06-2021 - 23:15
Back to Top