CVE-2019-15903

Description

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
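The following is an added example and is not code from this advisory or from the expat project. It checks, from Python, which libexpat the interpreter links (the Python builds listed below bundle their own copy unless built with `--with-system-expat`) and exercises the same position-reporting calls the description names, through pyexpat's `CurrentLineNumber` / `CurrentColumnNumber` / `ErrorLineNumber` / `ErrorColumnNumber` wrappers around `XML_GetCurrentLineNumber` and `XML_GetCurrentColumnNumber`. The two sample documents are constructed here; the code does not attempt to trigger the over-read, it shows the call pattern that the fix protects and gives you a runtime version gate.

```python
"""Runtime check for CVE-2019-15903 in the libexpat a Python build links,
plus a parse that exercises the position getters the bug sits in.

Added illustration, not code from the advisory or from the expat project.
Standard library only: pyexpat is Python's binding to the bundled (or
system) libexpat, and parser.CurrentLineNumber / CurrentColumnNumber /
ErrorLineNumber / ErrorColumnNumber wrap XML_GetCurrentLineNumber and
XML_GetCurrentColumnNumber. Sample documents are constructed below.
"""
import pyexpat
import xml.parsers.expat as expat

# First upstream libexpat release carrying the fix (from the advisory text).
FIXED_IN = (2, 2, 8)


def bundled_expat_version():
    """(major, minor, micro) of the libexpat this interpreter is using."""
    return tuple(pyexpat.version_info)


def expat_is_patched(version=None):
    """True when `version` (default: the linked libexpat) is >= 2.2.8.

    Caveat: distributions backport fixes without bumping the upstream
    version (Ubuntu's libexpat1 2.2.5-3ubuntu0.2 from USN-4132-1 is fixed),
    so False means "check the package changelog", not "vulnerable".
    """
    v = bundled_expat_version() if version is None else tuple(version)
    return v >= FIXED_IN


def parse_with_positions(data):
    """Parse `data` (bytes) and record the parser position at every start
    tag, i.e. query the line/column getters after the parser has moved
    from DTD parsing to document content, the call sequence the CVE concerns.

    Returns {"ok": True, "elements": [(name, line, col), ...]} on success, or
    {"ok": False, "elements": [...], "error": str, "line": int, "col": int}
    when the document is rejected. Lines are 1-based, columns 0-based, as in
    libexpat.
    """
    parser = expat.ParserCreate()
    elements = []

    def on_start(name, attrs):
        elements.append((name, parser.CurrentLineNumber,
                         parser.CurrentColumnNumber))

    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except expat.ExpatError as err:
        return {"ok": False, "elements": elements,
                "error": expat.ErrorString(err.code),
                "line": parser.ErrorLineNumber,
                "col": parser.ErrorColumnNumber}
    return {"ok": True, "elements": elements}


# Constructed sample: an internal DTD subset precedes the root element, so
# the parser leaves DTD parsing before the first start tag is reported.
GOOD_DOC = (
    b"<?xml version='1.0'?>\n"
    b"<!DOCTYPE doc [\n"
    b"  <!ENTITY greeting 'hello'>\n"
    b"]>\n"
    b"<doc>\n"
    b"  <item>&greeting;</item>\n"
    b"</doc>\n"
)

# Same document with a mismatched closing tag on line 7, to exercise the
# error-position path (ErrorLineNumber / ErrorColumnNumber).
BAD_DOC = GOOD_DOC.replace(b"</doc>", b"</dox>")


if __name__ == "__main__":
    print("libexpat %s, at or above 2.2.8: %s"
          % (pyexpat.EXPAT_VERSION, expat_is_patched()))
    print(parse_with_positions(GOOD_DOC))
    print(parse_with_positions(BAD_DOC))
```

Run it under each interpreter you ship: `pyexpat.EXPAT_VERSION` tells you which libexpat that build actually uses, which is what matters when the interpreter was built against the system library rather than the bundled copy. For distro packages the authoritative signal is the package version in the tables below (for example the USN-4132-1, DSA-4530-1, SUSE and RHSA builds), not the upstream version string.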

Risk Information

Base Score: 7.5 (High on the CVSS v3.1 qualitative scale)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 0.198

The vector scores availability impact only (C:N/I:N/A:H): a remote, unauthenticated party who can supply XML to a program that then queries the parser position can crash it with the over-read.

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) | Windows
Multiple vulnerabilities have been fixed in Google Chrome (x64) (78.0.3904.70) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.2.0) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.2.1) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.2.2) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.2.2) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.2.1) | Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.2.0) | Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (70.0) | Windows
Multiple vulnerabilities fixed in Mozilla Firefox (70.0) | Windows
Multiple vulnerabilities fixed in Mozilla Firefox ESR (68.2.0) | Windows
Multiple vulnerabilities fixed in Mozilla Firefox ESR (x64) (68.2.0) | Windows
Vulnerabilities CVE-2019-8848, CVE-2019-15903, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 are fixed in Apple iTunes (12.10.3.1) | Windows
Vulnerabilities CVE-2019-8848, CVE-2019-15903, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 are fixed in iCloud 7.16 (includes AAS 8.2) | Windows
Vulnerabilities CVE-2019-8848, CVE-2019-15903, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 are fixed in iCloud 10.9 | Windows
Multiple vulnerabilities fixed in Apple iTunes (X64) (12.10.3.1) | Windows
Multiple vulnerabilities fixed in iCloud 10.9 | Windows
Vulnerabilities CVE-2018-20843, CVE-2019-15903, CVE-2019-16168, CVE-2021-20099, CVE-2021-20100 are fixed in Nessus 8.15.0 | Windows
Vulnerabilities CVE-2018-20843, CVE-2019-15903, CVE-2019-16168, CVE-2021-20099, CVE-2021-20100 are fixed in Tenable Nessus 8.15.0 | Windows
Multiple vulnerabilities affect IBM Tivoli Monitoring 6.3.0.7 | Windows
Vulnerabilities CVE-2019-15903, CVE-2019-9947, CVE-2019-9948 affect Python 2.7.16 | Windows
Vulnerability CVE-2019-15903 affects Python 3.5.7 | Windows
Vulnerability CVE-2019-15903 affects Python 3.6.9 | Windows
Vulnerability CVE-2019-15903 affects Python 3.7.4 | Windows
Vulnerability CVE-2019-15903 affects Expat XML Parser 2.2.7 | Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (70.0) | Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (70.0.1) | Mac
Multiple vulnerabilities are fixed in Update for Mozilla Thunderbird For Mac (68.2.2) | Mac
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (78.0.3904.70) | Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.2 | Mac
Multiple vulnerabilities are fixed in macOS Catalina 10.15.2 Combo Update | Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 68.2 | Mac
XML parsing C library (USN-4132-1) libexpat1_2.2.5-3ubuntu0.2_i386.deb | Linux
XML parsing C library (USN-4132-1) libexpat1_2.2.5-3ubuntu0.2_amd64.deb | Linux
XML parsing C library (USN-4132-1) libexpat1_2.2.6-1ubuntu0.19.5_i386.deb | Linux
XML parsing C library (USN-4132-1) libexpat1_2.2.6-1ubuntu0.19.5_amd64.deb | Linux
XML parsing C library (USN-4132-1) libexpat1_2.1.0-7ubuntu0.16.04.5_i386.deb | Linux
XML parsing C library (USN-4132-1) libexpat1_2.1.0-7ubuntu0.16.04.5_amd64.deb | Linux
XML parsing C library (USN-4132-1) lib64expat1_2.1.0-7ubuntu0.16.04.5_i386.deb | Linux
expat security update (DSA-4530-1) expat_2.2.0-2+deb9u3_i386.deb | Linux
expat security update (DSA-4530-1) expat_2.2.0-2+deb9u3_amd64.deb | Linux
expat security update (DSA-4530-1) expat_2.2.6-2+deb10u1_amd64.deb | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) expat-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) expat-debuginfo-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) expat-debuginfo-32bit-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) expat-debugsource-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) libexpat1-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) libexpat1-32bit-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) libexpat1-debuginfo-2.1.0-21.9.1.x86_64.rpm | Linux
SUSE-SU-2019:2440-1 (SUSE Linux Enterprise Desktop 12-SP4) libexpat1-debuginfo-32bit-2.1.0-21.9.1.x86_64.rpm | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.16.04.1_i386.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.16.04.1_amd64.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.18.04.1_i386.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.18.04.1_amd64.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.19.04.1_i386.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.19.04.1_amd64.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.19.10.1_i386.deb | Linux
Mozilla Open Source web browser (USN-4165-1) firefox_70.0+build2-0ubuntu0.19.10.1_amd64.deb | Linux
firefox-esr security update (DSA-4549-1) firefox-esr_68.2.0esr-1~deb10u1_amd64.deb | Linux
SUSE-SU-2019:2872-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-68.2.0-109.95.2.x86_64.rpm | Linux
SUSE-SU-2019:2872-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpm | Linux
SUSE-SU-2019:2872-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpm | Linux
SUSE-SU-2019:2872-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpm | Linux
(RHSA-2019:3756) thunderbird security update thunderbird-68.2.0-2.el6_10.i686.rpm | Linux
(RHSA-2019:3756) thunderbird security update thunderbird-68.2.0-2.el6_10.x86_64.rpm | Linux
thunderbird security update (DSA-4571-1) thunderbird_68.2.2-1~deb9u1_i386.deb | Linux
thunderbird security update (DSA-4571-1) thunderbird_68.2.2-1~deb9u1_amd64.deb | Linux
thunderbird security update (DSA-4571-1) thunderbird_68.2.2-1~deb10u1_i386.deb | Linux
thunderbird security update (DSA-4571-1) thunderbird_68.2.2-1~deb10u1_amd64.deb | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) libpython3_6m1_0-debuginfo-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-debuginfo-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-base-debugsource-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-debuginfo-3.6.10-4.3.5.x86_64.rpm | Linux
SUSE-SU-2020:0302-1 (SUSE Linux Enterprise Server 12-SP5) python36-debugsource-3.6.10-4.3.5.x86_64.rpm | Linux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_i386.deb | Linux
Mozilla Open Source mail and newsgroup client (USN-4335-1) thunderbird_68.7.0+build1-0ubuntu0.16.04.2_amd64.deb | Linux
(RHSA-2020:4484) expat security update expat-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-2.2.5-4.el8.x86_64.rpm | Linux
(RHSA-2020:4484) expat security update expat-debugsource-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-debugsource-2.2.5-4.el8.x86_64.rpm | Linux
(RHSA-2020:4484) expat security update expat-devel-2.2.5-4.el8.i686.rpm | Linux
(RHSA-2020:4484) expat security update expat-devel-2.2.5-4.el8.x86_64.rpm | Linux
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) (For Debian) | Linux
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) (For Centos) | Linux
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) (For RedHat) | Linux
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) (For Suse) | Linux
Multiple vulnerabilities have been fixed in Google Chrome (78.0.3904.70) (For Ubuntu) | Linux
XML Parser Toolkit, runtime libraries (USN-7199-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux
library for rendering vector based animations and art (USN-7198-1) libxmltok1t64_1.2-4.1ubuntu3.1_amd64.deb | Linux
Out-of-bounds Read Vulnerability (CVE-2019-15903) | NCM

Patch Details

Patch ID | Patch Description
PATCH-311411 | Google Chrome (78.0.3904.70)
PATCH-311412 | Google Chrome (x64) (78.0.3904.70)
PATCH-311461 | Mozilla Thunderbird (68.2.0)
PATCH-311592 | Mozilla Thunderbird (x64) (68.2.1)
PATCH-311665 | Mozilla Thunderbird (68.2.2)
PATCH-311672 | Mozilla Thunderbird (x64) (68.2.2)
PATCH-311588 | Mozilla Thunderbird (68.2.1)
PATCH-311463 | Mozilla Thunderbird (x64) (68.2.0)
PATCH-311399 | Mozilla Firefox (x64) (70.0)
PATCH-311525 | Mozilla Firefox (70.0.1)
PATCH-311400 | Mozilla Firefox ESR (68.2.0)
PATCH-311401 | Mozilla Firefox ESR (x64) (68.2.0)
PATCH-312125 | Apple iTunes (12.10.3.1)
PATCH-312129 | iCloud (7.16.0.15)
PATCH-316162 | iCloud (7.21.0.23) (Deployment-Only)
PATCH-312126 | Apple iTunes (X64) (12.10.3.1)
PATCH-607000 | Mozilla Firefox For Mac (124.0)
PATCH-611353 | Mozilla Thunderbird For Mac (128.12.0)
PATCH-609673 | Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)
PATCH-602673 | macOS Catalina 10.15.7 - Auto Reboot
PATCH-602674 | macOS Catalina 10.15.7 Combo Update - Auto Reboot
PATCH-351818 | Expat XML Parser (2.7.3)
PATCH-612783 | Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2019-15903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903