CVE - CVE-2019-15903

CVE-ID
CVE-2019-15903	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20190917 [slackware-security] expat (SSA:2019-259-01) URL:https://seclists.org/bugtraq/2019/Sep/30 BUGTRAQ:20190923 [SECURITY] [DSA 4530-1] expat security update URL:https://seclists.org/bugtraq/2019/Sep/37 BUGTRAQ:20191021 [slackware-security] python (SSA:2019-293-01) URL:https://seclists.org/bugtraq/2019/Oct/29 BUGTRAQ:20191101 [SECURITY] [DSA 4549-1] firefox-esr security update URL:https://seclists.org/bugtraq/2019/Nov/1 BUGTRAQ:20191118 [SECURITY] [DSA 4571-1] thunderbird security update URL:https://seclists.org/bugtraq/2019/Nov/24 BUGTRAQ:20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra URL:https://seclists.org/bugtraq/2019/Dec/23 BUGTRAQ:20191211 APPLE-SA-2019-12-10-5 tvOS 13.3 URL:https://seclists.org/bugtraq/2019/Dec/21 BUGTRAQ:20191211 APPLE-SA-2019-12-10-8 watchOS 6.1.1 URL:https://seclists.org/bugtraq/2019/Dec/17 CONFIRM:https://www.tenable.com/security/tns-2021-11 CONFIRM:https://github.com/libexpat/libexpat/issues/342 URL:https://github.com/libexpat/libexpat/issues/342 CONFIRM:https://security.netapp.com/advisory/ntap-20190926-0004/ URL:https://security.netapp.com/advisory/ntap-20190926-0004/ CONFIRM:https://support.apple.com/kb/HT210785 URL:https://support.apple.com/kb/HT210785 CONFIRM:https://support.apple.com/kb/HT210788 URL:https://support.apple.com/kb/HT210788 CONFIRM:https://support.apple.com/kb/HT210789 URL:https://support.apple.com/kb/HT210789 CONFIRM:https://support.apple.com/kb/HT210790 URL:https://support.apple.com/kb/HT210790 CONFIRM:https://support.apple.com/kb/HT210793 URL:https://support.apple.com/kb/HT210793 CONFIRM:https://support.apple.com/kb/HT210794 URL:https://support.apple.com/kb/HT210794 CONFIRM:https://support.apple.com/kb/HT210795 URL:https://support.apple.com/kb/HT210795 DEBIAN:DSA-4530 URL:https://www.debian.org/security/2019/dsa-4530 DEBIAN:DSA-4549 URL:https://www.debian.org/security/2019/dsa-4549 DEBIAN:DSA-4571 URL:https://www.debian.org/security/2019/dsa-4571 FEDORA:FEDORA-2019-613edfe68b URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BDUTI5TVQWIGGQXPEVI4T2ENHFSBMIBP/ FEDORA:FEDORA-2019-672ae0f060 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S26LGXXQ7YF2BP3RGOWELBFKM6BHF6UG/ FEDORA:FEDORA-2019-9505c6b555 URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A4TZKPJFTURRLXIGLB34WVKQ5HGY6JJA/ FULLDISC:20191213 APPLE-SA-2019-12-10-1 iOS 13.3 and iPadOS 13.3 URL:http://seclists.org/fulldisclosure/2019/Dec/23 FULLDISC:20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra URL:http://seclists.org/fulldisclosure/2019/Dec/26 FULLDISC:20191213 APPLE-SA-2019-12-10-5 tvOS 13.3 URL:http://seclists.org/fulldisclosure/2019/Dec/27 FULLDISC:20191213 APPLE-SA-2019-12-10-8 watchOS 6.1.1 URL:http://seclists.org/fulldisclosure/2019/Dec/30 GENTOO:GLSA-201911-08 URL:https://security.gentoo.org/glsa/201911-08 MISC:http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html URL:http://packetstormsecurity.com/files/154503/Slackware-Security-Advisory-expat-Updates.html MISC:http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html URL:http://packetstormsecurity.com/files/154927/Slackware-Security-Advisory-python-Updates.html MISC:http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html URL:http://packetstormsecurity.com/files/154947/Slackware-Security-Advisory-mozilla-firefox-Updates.html MISC:https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 URL:https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43 MISC:https://github.com/libexpat/libexpat/issues/317 URL:https://github.com/libexpat/libexpat/issues/317 MISC:https://github.com/libexpat/libexpat/pull/318 URL:https://github.com/libexpat/libexpat/pull/318 MISC:https://www.oracle.com/security-alerts/cpuapr2020.html URL:https://www.oracle.com/security-alerts/cpuapr2020.html MISC:https://www.oracle.com/security-alerts/cpuoct2020.html URL:https://www.oracle.com/security-alerts/cpuoct2020.html MLIST:[debian-lts-announce] 20191110 [SECURITY] [DLA 1987-1] firefox-esr security update URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00006.html MLIST:[debian-lts-announce] 20191118 [SECURITY] [DLA 1997-1] thunderbird security update URL:https://lists.debian.org/debian-lts-announce/2019/11/msg00017.html REDHAT:RHSA-2019:3210 URL:https://access.redhat.com/errata/RHSA-2019:3210 REDHAT:RHSA-2019:3237 URL:https://access.redhat.com/errata/RHSA-2019:3237 REDHAT:RHSA-2019:3756 URL:https://access.redhat.com/errata/RHSA-2019:3756 SUSE:openSUSE-SU-2019:2204 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00080.html SUSE:openSUSE-SU-2019:2205 URL:http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00081.html SUSE:openSUSE-SU-2019:2420 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00000.html SUSE:openSUSE-SU-2019:2424 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00002.html SUSE:openSUSE-SU-2019:2425 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00003.html SUSE:openSUSE-SU-2019:2447 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00013.html SUSE:openSUSE-SU-2019:2451 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00016.html SUSE:openSUSE-SU-2019:2452 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00018.html SUSE:openSUSE-SU-2019:2459 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00017.html SUSE:openSUSE-SU-2019:2464 URL:http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00019.html SUSE:openSUSE-SU-2020:0010 URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00008.html SUSE:openSUSE-SU-2020:0086 URL:http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html UBUNTU:USN-4132-1 URL:https://usn.ubuntu.com/4132-1/ UBUNTU:USN-4132-2 URL:https://usn.ubuntu.com/4132-2/ UBUNTU:USN-4165-1 URL:https://usn.ubuntu.com/4165-1/ UBUNTU:USN-4202-1 URL:https://usn.ubuntu.com/4202-1/ UBUNTU:USN-4335-1 URL:https://usn.ubuntu.com/4335-1/
Assigning CNA
MITRE Corporation
Date Record Created
20190904	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20190904)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)