CVE-2024-45490

CVE Details

Visit the official vulnerability details page for CVE-2024-45490 to learn more.

Initial Publication

10/25/2024

Last Update

08/06/2025

Third Party Dependency

libexpat

NIST CVE Summary

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

CVE Severity

7.5

Our Official Summary

This CVE is a critical vulnerability affecting images using libexpat libraries versions prior to 2.6.3, where the function xmlparse.c fails to reject negative lengths in XML_ParseBuffer. This vulnerability can be exploited over a network without user interaction and has very low attack complexity. Not all of the images affected use the specific function affected. Exploiting this vulnerable library will require a user to compromise the containers and gain privileged access. Fix available in libexpat versions > 2.6.3. Investigating upgrading this library within the affected images.

Status

Ongoing

Affected Products & Versions

Version	Palette Enterprise	Palette Enterprise Airgap	VerteX	VerteX Airgap
4.7.16	⚠️ Impacted	✅ No Impact	⚠️ Impacted	⚠️ Impacted
4.6.41	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted
4.5.22	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted
4.4.20	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted	⚠️ Impacted

Revision History

No revisions available.

CVE Details​

Initial Publication​

Last Update​

Third Party Dependency​

NIST CVE Summary​

CVE Severity​

Our Official Summary​

Status​

Affected Products & Versions​

Revision History​