In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Mitigation

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=1752592

nvd.nist.gov/vuln/detail/CVE-2019-15903

www.cve.org/CVERecord?id=CVE-2019-15903

openvas 39

debian 7

nvd 1

nessus 71

freebsd 1

ibm 9

fedora 3

suse 5

cbl_mariner 1

ubuntu 3

osv 9

slackware 2

mageia 2

cvelist 1

cve 1

f5 2

prion 1

cloudfoundry 1

alpinelinux 1

debiancve 1

veracode 1

ubuntucve 1

symantec 1

centos 1

almalinux 1

gentoo 1

oraclelinux 3

rocky 1

amazon 4

altlinux 3

redhat 7

kaspersky 3

photon 2

apple 6

archlinux 1

mozilla 2

openvas

Fedora Update for expat FEDORA-2019-9505c6b555

2019-09-26 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2020-1075)

2020-01-23 00:00:00

Fedora Update for expat FEDORA-2019-672ae0f060

2019-10-04 00:00:00

debian

[SECURITY] [DLA 1912-1] expat security update

2019-09-06 14:21:17

[SECURITY] [DSA 4530-1] expat security update

2019-09-22 07:41:45

[SECURITY] [DSA 4530-1] expat security update

2019-09-22 07:41:45

nvd

CVE-2019-15903

2019-09-04 06:15:10

nessus

Debian DSA-4530-1 : expat - security update

2019-09-23 00:00:00

Fedora 31 : expat (2019-613edfe68b)

2019-10-07 00:00:00

openSUSE Security Update : expat (openSUSE-2019-2205)

2019-09-30 00:00:00

freebsd

python 3.7 -- multiple vulnerabilities

2019-09-14 00:00:00

ibm

Security Bulletin: A security vulnerability has been disclosed in Expat, which is installed as part of IBM Tivoli Network Manager (CVE-2019-15903).

2020-03-23 12:37:53

Security Bulletin: IBM API Connect is impacted by a vulnerability in libexpat (CVE-2019-15903)

2019-12-17 17:30:16

Security Bulletin: IBM Tivoli Monitoring Basic Services component (CVE-2019-15903)

2020-02-12 15:57:36

fedora

[SECURITY] Fedora 30 Update: expat-2.2.8-1.fc30

2019-09-25 01:08:45

[SECURITY] Fedora 29 Update: expat-2.2.8-1.fc29

2019-10-02 01:41:36

[SECURITY] Fedora 31 Update: expat-2.2.8-1.fc31

2019-09-21 00:04:26

suse

Security update for expat (moderate)

2019-09-28 00:00:00

Security update for expat (moderate)

2019-09-28 00:00:00

2019-11-09 00:00:00

cbl_mariner

CVE-2019-15903 affecting package expat 2.2.6-4

2022-01-10 03:59:19

ubuntu

Expat vulnerability

2019-09-12 00:00:00

Expat vulnerability

2019-09-12 00:00:00

VTK vulnerabilities

2021-03-15 00:00:00

osv

expat - security update

2019-09-06 00:00:00

CVE-2019-15903

2019-09-04 06:15:10

expat - security update

2019-09-22 00:00:00

slackware

[slackware-security] expat

2019-09-16 21:54:40

[slackware-security] python

2019-10-20 20:16:04

mageia

Updated expat packages fix security vulnerability

2019-11-08 02:36:48

Updated firefox packages fix security vulnerabilities

2019-11-08 02:36:48

cvelist

CVE-2019-15903

2019-09-04 05:59:16

cve

CVE-2019-15903

2019-09-04 06:15:10

K34239812 : Libexpat vulnerability CVE-2019-15903

2022-08-05 00:00:00

K05295469 : Expat vulnerability CVE-2019-15903

2022-02-03 00:00:00

prion

Heap overflow

2019-09-04 06:15:00

cloudfoundry

USN-4132-1: Expat vulnerability | Cloud Foundry

2019-09-30 00:00:00

alpinelinux

CVE-2019-15903

2019-09-04 06:15:10

debiancve

CVE-2019-15903

2019-09-04 06:15:10

veracode

Denial Of Service (Dos)

2019-09-05 06:48:20

ubuntucve

CVE-2019-15903

2019-09-04 00:00:00

symantec

Libexpat Expat CVE-2019-15903 Heap Buffer Overflow Vulnerability

2019-09-04 00:00:00

centos

expat security update

2020-10-20 17:58:03

almalinux

Moderate: expat security update

2020-11-03 12:09:00

gentoo

Expat: Multiple vulnerabilities

2019-11-25 00:00:00

oraclelinux

expat security update

2020-11-10 00:00:00

expat security update

2020-10-06 00:00:00

thunderbird security update

2019-10-29 00:00:00

rocky

expat security update

2020-11-03 12:09:00

amazon

Medium: expat

2020-12-16 20:31:00

Medium: expat

2020-10-22 17:32:00

Medium: expat

2021-01-12 22:51:00

altlinux

Security fix for the ALT Linux 9 package expat version 2.2.9-alt1

2020-05-31 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 68.2.0-alt1

2019-10-27 00:00:00

Security fix for the ALT Linux 10 package thunderbird version 68.2.2-alt1

2019-11-09 00:00:00

redhat

(RHSA-2020:4484) Moderate: expat security update

2020-11-03 12:09:00

(RHSA-2020:3952) Moderate: expat security update

2020-09-29 07:46:19

(RHSA-2020:2646) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update

2020-06-22 13:04:38

kaspersky

KLA11624 Multiple vulnerabilities in Apple iCloud

2019-12-11 00:00:00

KLA11623 Multiple vulnerabilities in Apple iTunes

2019-12-11 00:00:00

KLA11590 Multiple vulnerabilities in Mozilla Firefox ESR

2019-10-22 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0254

2020-06-18 00:00:00

Important Photon OS Security Update - PHSA-2020-0254

2020-06-18 00:00:00

apple

About the security content of iCloud for Windows 10.9 - Apple Support

2020-04-05 05:12:53

About the security content of iCloud for Windows 10.9

2019-12-11 00:00:00

About the security content of iCloud for Windows 7.16

2019-12-11 00:00:00

archlinux

[ASA-201910-15] thunderbird: multiple issues

2019-10-26 00:00:00

mozilla

Security vulnerabilities fixed in - Thunderbird 68.2 — Mozilla

2019-10-22 00:00:00

Security vulnerabilities fixed in - Firefox ESR 68.2 — Mozilla

2019-10-22 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.005 Low

EPSS

Percentile

76.5%

JSON

Related for RH:CVE-2019-15903