CVE-2024-45490

CVE-2024-45490 is a security flaw in versions of the Expat library (libexpat) prior to version 2.6.3. The flaw is in the xmlparse.c file, which is responsible for parsing XML data: the function XML_ParseBuffer fails to reject negative lengths during buffer parsing. This oversight can potentially lead to security risks such as denial of service (DoS) or arbitrary code execution, depending on how it is exploited. Systems relying on Expat should update to a patched version to avoid being exposed to this issue.

(see CVE-2024-45490 for details)
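
A caller-side guard for the negative-length case described above, as an added example that is not code from this page or from the Expat project. It rejects a negative byte count before it reaches an int-length parser call and splits larger inputs into bounded chunks. The names feed_fn, feed_checked, counting_sink and demo are hypothetical, and the XML input is constructed.

```c
#include <stdio.h>

/* Assumed stand-in for an int-length parser entry point (Expat's XML_Parse
   has this shape); returns nonzero on success. Not Expat's own code. */
typedef int (*feed_fn)(void *ctx, const char *buf, int len, int is_final);
enum { FEED_BAD_LEN = -1, FEED_PARSE_ERROR = -2 };

/* Feed `total` bytes in chunks of at most `max_chunk`, so the int length
   handed to the parser is never negative or truncated. `total` is signed
   on purpose: a read()-style -1 is rejected here, not forwarded. */
int feed_checked(feed_fn feed, void *ctx, const char *buf,
                 long long total, int max_chunk, int is_final)
{
    long long off = 0;
    if (!feed || !buf || total < 0 || max_chunk <= 0) return FEED_BAD_LEN;
    do {
        long long left = total - off;
        int len = left > max_chunk ? max_chunk : (int)left;
        int last = is_final && off + len == total;
        if (!feed(ctx, buf + off, len, last))
            return FEED_PARSE_ERROR;
        off += len;
    } while (off < total);
    return 0;
}

struct sink { long long bytes; int finals; };
/* Constructed sink: fails on a negative length, as a parser that rejects
   negative lengths would. */
static int counting_sink(void *ctx, const char *buf, int len, int is_final)
{
    struct sink *s = ctx;
    (void)buf;
    if (len < 0) return 0;
    s->bytes += len;
    s->finals += is_final;
    return 1;
}

/* Bytes delivered for a read()-style result n, or the negative error code. */
long long demo(long long n, int max_chunk)
{
    static const char data[] = "<doc><item/></doc>"; /* constructed, 18 bytes */
    struct sink s = {0, 0};
    if (n > (long long)(sizeof data - 1)) return FEED_BAD_LEN;
    int rc = feed_checked(counting_sink, &s, data, n, max_chunk, 1);
    return rc < 0 ? rc : (s.finals == 1 ? s.bytes : FEED_PARSE_ERROR);
}

int main(void) { printf("%lld %lld\n", demo(18, 7), demo(-1, 7)); return 0; }
```

A guard like this reduces exposure from the calling side only; it does not replace updating to a patched Expat version.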