CVE-2024-45490
CVE Details
Visit the official vulnerability details page for CVE-2024-45490 to learn more.
Initial Publication
10/25/2024
Last Update
09/21/2025
Third Party Dependency
libexpat
NIST CVE Summary
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE Severity
Our Official Summary
This CVE is a critical vulnerability affecting images using libexpat libraries versions prior to 2.6.3, where the function xmlparse.c fails to reject negative lengths in XML_ParseBuffer. This vulnerability can be exploited over a network without user interaction and has very low attack complexity. Not all of the images affected use the specific function affected. Exploiting this vulnerable library will require a user to compromise the containers and gain privileged access. Fix available in libexpat versions > 2.6.3. Investigating upgrading this library within the affected images.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.7.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.