First published: Wed Sep 04 2019
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Credit: Joonun Jang, cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el6 | 0:7.64.1-36.jbcs.el6 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el6 | 0:2.4.37-57.jbcs.el6 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el6 | 0:1.39.2-25.jbcs.el6 |
redhat/jbcs-httpd24-curl | <0:7.64.1-36.jbcs.el7 | 0:7.64.1-36.jbcs.el7 |
redhat/jbcs-httpd24-httpd | <0:2.4.37-57.jbcs.el7 | 0:2.4.37-57.jbcs.el7 |
redhat/jbcs-httpd24-nghttp2 | <0:1.39.2-25.jbcs.el7 | 0:1.39.2-25.jbcs.el7 |
redhat/jbcs-httpd24-openssl-pkcs11 | <0:0.4.10-7.jbcs.el7 | 0:0.4.10-7.jbcs.el7 |
redhat/thunderbird | <0:68.2.0-2.el6_10 | 0:68.2.0-2.el6_10 |
redhat/firefox | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
redhat/thunderbird | <0:68.2.0-1.el7_7 | 0:68.2.0-1.el7_7 |
redhat/expat | <0:2.1.0-12.el7 | 0:2.1.0-12.el7 |
redhat/firefox | <0:68.2.0-2.el8_0 | 0:68.2.0-2.el8_0 |
redhat/thunderbird | <0:68.2.0-1.el8_0 | 0:68.2.0-1.el8_0 |
redhat/expat | <0:2.2.5-4.el8 | 0:2.2.5-4.el8 |
Apple iCloud for Windows | <10.9 | 10.9 |
Apple iCloud for Windows | <7.16 | 7.16 |
debian/expat | <=2.2.0-2+deb9u2, <=2.2.0-1, <=2.2.6-2, <=2.2.7-1 | 2.2.7-2, 2.2.6-2+deb10u1, 2.2.0-2+deb9u3 |
Apple iTunes for Windows | <12.10.3 | 12.10.3 |
Libexpat Project Libexpat | <2.2.8 | |
Python Python | >=2.7.0<2.7.17 | |
Python Python | >=3.5.0<3.5.8 | |
Python Python | >=3.6.0<3.6.10 | |
Python Python | >=3.7.0<3.7.5 | |
Apple watchOS | <6.1.1 | 6.1.1 |
Apple macOS Catalina | <10.15.2 | 10.15.2 |
Apple Mojave | ||
Apple High Sierra | ||
Apple tvOS | <13.3 | 13.3 |
Mozilla Thunderbird | <68.2 | 68.2 |
Mozilla Firefox ESR | <68.2 | 68.2 |
Mozilla Firefox | <70 | 70 |
Apple iOS | <13.3 | 13.3 |
Apple iPadOS | <13.3 | 13.3 |
redhat/expat | <2.2.8 | 2.2.8 |
redhat/firefox | <68.2 | 68.2 |
redhat/thunderbird | <68.2 | 68.2 |
IBM RDNG | <=6.0.2 | |
IBM RDNG | <=6.0.6.1 | |
IBM RDNG | <=6.0.6 | |
IBM DOORS Next | <=7.0 | |
debian/chromium | 120.0.6099.224-1~deb11u1, 128.0.6613.84-1~deb12u1, 130.0.6723.69-1~deb12u1, 129.0.6668.89-1, 130.0.6723.91-1 | |
debian/expat | 2.2.10-2+deb11u5, 2.2.10-2+deb11u6, 2.5.0-1, 2.5.0-1+deb12u1, 2.6.3-2 | |
debian/firefox | 132.0-1 | |
debian/firefox-esr | 115.14.0esr-1~deb11u1, 128.4.0esr-1~deb11u1, 115.14.0esr-1~deb12u1, 128.4.0esr-1~deb12u1, 128.3.1esr-2, 128.4.0esr-1 | |
debian/thunderbird | 1:115.12.0-1~deb11u1, 1:128.4.0esr-1~deb11u1, 1:115.12.0-1~deb12u1, 1:115.16.0esr-1~deb12u1, 1:128.3.2esr-1, 1:128.4.0esr-1 | |
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
CVE-2019-15903 is a vulnerability in libexpat before version 2.2.8 that could result in a heap-based buffer over-read.
Mozilla Firefox ESR versions before 68.2, Mozilla Thunderbird versions before 68.2, and Mozilla Firefox versions before 70 are affected by CVE-2019-15903. The expat package in versions before 2.2.8 is also affected.
CVE-2019-15903 has a severity rating of high.
To fix CVE-2019-15903, update to expat version 2.2.8. For Mozilla products, update to the respective patched versions mentioned in the Mozilla security advisories.
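The practical check for this advisory is whether the libexpat actually linked into your process has reached the 2.2.8 fix. The following is an added example (not code from the advisory, libexpat or CPython): it reads the expat version that CPython's pyexpat module was built against and compares the interpreter itself against the four affected CPython ranges listed in the table above. The range bounds and the 2.2.8 threshold are taken from this page; everything else is illustrative.

```python
import re
import sys
import pyexpat

# libexpat release that carries the fix for CVE-2019-15903 (from the advisory).
EXPAT_FIXED = (2, 2, 8)

# Affected CPython ranges from the advisory table, as [lower, upper) pairs.
# These interpreters shipped a bundled copy of the vulnerable expat.
PYTHON_AFFECTED = [
    ((2, 7, 0), (2, 7, 17)),
    ((3, 5, 0), (3, 5, 8)),
    ((3, 6, 0), (3, 6, 10)),
    ((3, 7, 0), (3, 7, 5)),
]


def version_tuple(text):
    """Pull the first x.y.z out of strings such as 'expat_2.2.8' or '3.7.5rc1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % (text,))
    return tuple(int(part) for part in m.groups())


def expat_is_vulnerable(version):
    """True when a libexpat version predates the 2.2.8 fix.

    Version-string check only: distribution builds (e.g. Debian's
    2.2.0-2+deb9u3 above) backport the fix without bumping the upstream
    number, so treat a 'vulnerable' verdict as a prompt to check the
    package changelog, not as proof.
    """
    return tuple(version) < EXPAT_FIXED


def python_is_affected(version):
    """True when a CPython version falls inside one of the advisory's ranges."""
    v = tuple(version)
    return any(lo <= v < hi for lo, hi in PYTHON_AFFECTED)


def runtime_report():
    """Report on the expat linked into this interpreter and the interpreter itself."""
    linked = version_tuple(pyexpat.EXPAT_VERSION)  # e.g. 'expat_2.4.1'
    return {
        "expat_version": linked,
        "expat_vulnerable": expat_is_vulnerable(linked),
        "python_version": tuple(sys.version_info[:3]),
        "python_in_affected_range": python_is_affected(sys.version_info[:3]),
    }


if __name__ == "__main__":
    print(runtime_report())
```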
You can find more information about CVE-2019-15903 in the provided references: [1], [2], [3].