7.5
CWE
125 776 122
Advisory Published
CVE Published
Updated

CVE-2019-15903

First published: Wed Sep 04 2019(Updated: )

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Credit: Joonun Jang Joonun Jang Joonun Jang Joonun Jang Joonun Jang Joonun Jang Joonun Jang cve@mitre.org cve@mitre.org

Affected SoftwareAffected VersionHow to fix
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el6
0:7.64.1-36.jbcs.el6
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el6
0:2.4.37-57.jbcs.el6
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el6
0:1.39.2-25.jbcs.el6
redhat/jbcs-httpd24-curl<0:7.64.1-36.jbcs.el7
0:7.64.1-36.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-57.jbcs.el7
0:2.4.37-57.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-25.jbcs.el7
0:1.39.2-25.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-7.jbcs.el7
0:0.4.10-7.jbcs.el7
redhat/thunderbird<0:68.2.0-2.el6_10
0:68.2.0-2.el6_10
redhat/firefox<0:68.2.0-1.el7_7
0:68.2.0-1.el7_7
redhat/thunderbird<0:68.2.0-1.el7_7
0:68.2.0-1.el7_7
redhat/expat<0:2.1.0-12.el7
0:2.1.0-12.el7
redhat/firefox<0:68.2.0-2.el8_0
0:68.2.0-2.el8_0
redhat/thunderbird<0:68.2.0-1.el8_0
0:68.2.0-1.el8_0
redhat/expat<0:2.2.5-4.el8
0:2.2.5-4.el8
Apple iCloud for Windows<10.9
10.9
Apple iCloud for Windows<7.16
7.16
debian/expat<=2.2.0-2+deb9u2<=2.2.0-1<=2.2.6-2<=2.2.7-1
2.2.7-2
2.2.6-2+deb10u1
2.2.0-2+deb9u3
Apple iTunes for Windows<12.10.3
12.10.3
Libexpat Project Libexpat<2.2.8
Python Python>=2.7.0<2.7.17
Python Python>=3.5.0<3.5.8
Python Python>=3.6.0<3.6.10
Python Python>=3.7.0<3.7.5
Apple watchOS<6.1.1
6.1.1
Apple macOS Catalina<10.15.2
10.15.2
Apple Mojave
Apple High Sierra
Apple tvOS<13.3
13.3
Mozilla Thunderbird<68.2
68.2
Mozilla Firefox ESR<68.2
68.2
Mozilla Firefox<70
70
Apple iOS<13.3
13.3
Apple iPadOS<13.3
13.3
redhat/expat<2.2.8
2.2.8
redhat/firefox<68.2
68.2
redhat/thunderbird<68.2
68.2
IBM RDNG<=6.0.2
IBM RDNG<=6.0.6.1
IBM RDNG<=6.0.6
IBM DOORS Next<=7.0
debian/chromium
120.0.6099.224-1~deb11u1
128.0.6613.84-1~deb12u1
130.0.6723.69-1~deb12u1
129.0.6668.89-1
130.0.6723.91-1
debian/expat
2.2.10-2+deb11u5
2.2.10-2+deb11u6
2.5.0-1
2.5.0-1+deb12u1
2.6.3-2
debian/firefox
132.0-1
debian/firefox-esr
115.14.0esr-1~deb11u1
128.4.0esr-1~deb11u1
115.14.0esr-1~deb12u1
128.4.0esr-1~deb12u1
128.3.1esr-2
128.4.0esr-1
debian/thunderbird
1:115.12.0-1~deb11u1
1:128.4.0esr-1~deb11u1
1:115.12.0-1~deb12u1
1:115.16.0esr-1~deb12u1
1:128.3.2esr-1
1:128.4.0esr-1

Remedy

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Reference Links

Frequently Asked Questions

  • What is CVE-2019-15903?

    CVE-2019-15903 is a vulnerability in libexpat before version 2.2.8 that could result in a heap-based buffer over-read.

  • Which software products are affected by CVE-2019-15903?

    Mozilla Firefox ESR versions up to 68.2, Mozilla Thunderbird versions up to 68.2, and Mozilla Firefox versions up to 70 are affected by CVE-2019-15903. Additionally, the expat package versions up to 2.2.8 are also affected.

  • What is the severity of CVE-2019-15903?

    CVE-2019-15903 has a severity rating of high.

  • How can I fix CVE-2019-15903?

    To fix CVE-2019-15903, update to expat version 2.2.8. For Mozilla products, update to the respective patched versions mentioned in the Mozilla security advisories.

  • Where can I find more information about CVE-2019-15903?

    You can find more information about CVE-2019-15903 in the provided references: [1], [2], [3].

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203