CVE-2024-45491 is an integer overflow in libexpat versions prior to 2.6.3. The defect is in the `dtdCopy` function in `xmlparse.c` and affects 32-bit platforms: there `UINT_MAX` equals `SIZE_MAX`, so an `unsigned int` count and the `size_t` byte size computed from it have the same range, and the multiplication wraps instead of widening, which is what makes the overflow exploitable. The vulnerability is rated critical, with a CVSS score of 7.3, and the risk is greatest for network-based attacks, which require no user interaction or elevated privileges.
Although the impact on confidentiality and integrity is rated low, the flaw can let remote attackers manipulate system data, so it is a serious concern for organizations that rely on libexpat. To mitigate it, update to libexpat 2.6.3 or later.
(see CVE-2024-45491 for details)
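As an added illustration (not libexpat's code), the following C model shows the allocation-size arithmetic that a `dtdCopy`-style routine performs: an unsigned element count multiplied by an element size wraps on a 32-bit target, while the checked variant refuses the count before it reaches `malloc`. The `attr_record` type, the count values and the sample records are constructed; the 32-bit arithmetic is simulated with `uint32_t` so the wrap reproduces on any host.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the per-attribute record a DTD copy routine
 * duplicates; fixed 12-byte layout keeps the arithmetic portable. */
typedef struct { uint32_t name_off, value_off, flags; } attr_record;

/* Vulnerable pattern: count * sizeof(elem) evaluated in 32 bits, as on a
 * target where UINT_MAX == SIZE_MAX. A large count wraps to a small byte
 * total, so malloc hands back a buffer far shorter than the copy loop
 * expects. uint32_t makes the wrap reproduce on a 64-bit host too. */
static uint32_t unchecked_bytes_32(uint32_t count) {
    return count * (uint32_t)sizeof(attr_record);
}

/* Hardened pattern: reject a count whose product cannot fit before
 * multiplying. This is the shape of check the 2.6.3 fix introduces. */
static bool records_fit_32(uint32_t count) {
    return count <= UINT32_MAX / (uint32_t)sizeof(attr_record);
}

/* Duplicate `count` records with the same guard in native size_t.
 * Returns NULL on overflow or allocation failure, never an undersized
 * buffer that memcpy would then overrun. */
static attr_record *copy_records(const attr_record *src, size_t count) {
    if (count > SIZE_MAX / sizeof(attr_record))
        return NULL;
    size_t bytes = count * sizeof(attr_record);
    attr_record *dst = malloc(bytes);
    if (dst != NULL)
        memcpy(dst, src, bytes);
    return dst;
}

int main(void) {
    /* Constructed count one past the 32-bit limit for 12-byte records. */
    uint32_t huge = UINT32_MAX / (uint32_t)sizeof(attr_record) + 1u;
    printf("count %u wraps to %u bytes; passes check: %s\n", (unsigned)huge,
           (unsigned)unchecked_bytes_32(huge), records_fit_32(huge) ? "yes" : "no");
    attr_record two[2] = {{0, 4, 0}, {8, 12, 1}}; /* constructed sample */
    attr_record *copy = copy_records(two, 2);
    printf("copy of 2 records: %s\n", copy ? "ok" : "rejected");
    free(copy);
    return 0;
}
```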