{"id":"ASB-A-221384482","details":"(from https://nvd.nist.gov/vuln/detail/CVE-2022-25314) In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.\n\nIn copyString of xmlparse.c, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-221384482","CVE-2022-25314"],"modified":"2026-03-11T06:19:08.892333Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/expat/+/16ca7a9401c288814a087b7d5992683eb2d93605"}],"affected":[{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-09-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/expat/+/e25c84037506951dfe74a5fae1627fe22bc0ebf4"],"vanir_signatures":[{"digest":{"line_hashes":["251351171225339159845890553705570564797","164918534945545609943095131435131728788","21341780531121385281976066736211690096","58231789298183371698712259707035082402"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/xmlparse.c"},"signature_type":"Line","id":"ASB-A-221384482-bc0ed9d9","source":"https://android.googlesource.com/platform/external/expat/+/e25c84037506951dfe74a5fae1627fe22bc0ebf4","signature_version":"v1"}],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-221384482.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-09-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/expat/+/72de6c81aa02d48ed86b96d2e29d773086fb7d4c"],"vanir_signatures":[{"digest":{"line_hashes":["153767891610917889605003169127446491132","44913918909586163993101308885805781242","157451433911188244556951417651835841343","58231789298183371698712259707035082402"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/xmlparse.c"},"signature_type":"Line","id":"ASB-A-221384482-14bfa805","source":"https://android.googlesource.com/platform/external/expat/+/72de6c81aa02d48ed86b96d2e29d773086fb7d4c","signature_version":"v1"}],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-221384482.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-09-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/expat/+/fe3486a743af350becbed5cf10a56195a4a8756f"],"vanir_signatures":[{"digest":{"line_hashes":["153767891610917889605003169127446491132","44913918909586163993101308885805781242","157451433911188244556951417651835841343","58231789298183371698712259707035082402"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/xmlparse.c"},"signature_type":"Line","id":"ASB-A-221384482-feca0826","source":"https://android.googlesource.com/platform/external/expat/+/fe3486a743af350becbed5cf10a56195a4a8756f","signature_version":"v1"}],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-221384482.json"}},{"package":{"name":"platform/external/expat","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/expat/+/16ca7a9401c288814a087b7d5992683eb2d93605"],"vanir_signatures":[{"digest":{"line_hashes":["153767891610917889605003169127446491132","44913918909586163993101308885805781242","157451433911188244556951417651835841343","58231789298183371698712259707035082402"],"threshold":0.9},"deprecated":false,"target":{"file":"lib/xmlparse.c"},"signature_type":"Line","id":"ASB-A-221384482-7d370f05","source":"https://android.googlesource.com/platform/external/expat/+/16ca7a9401c288814a087b7d5992683eb2d93605","signature_version":"v1"}],"spl":"2022-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-221384482.json"}}],"schema_version":"1.7.5"}