
CVE-2024-45491: n/a

High
Vulnerability: CVE-2024-45491 (tags: cve, cve-2024-45491)
Published: Fri Aug 30 2024 (08/30/2024, 00:00:00 UTC)
Source: CVE Database V5

Description

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

AI-Powered Analysis

Last updated: 11/04/2025, 16:53:12 UTC

Technical Analysis

CVE-2024-45491 identifies an integer overflow vulnerability in the libexpat XML parsing library prior to version 2.6.3. The vulnerability exists in the dtdCopy function within the xmlparse.c source file, where the variable nDefaultAtts, representing the number of default attributes, can overflow on 32-bit platforms due to the equivalence of UINT_MAX and SIZE_MAX. This integer overflow can lead to improper memory allocation or buffer overflows during XML DTD processing, potentially causing memory corruption. Such corruption may allow attackers to disrupt program execution, leading to denial of service or, in some cases, arbitrary code execution. The vulnerability is remotely exploitable over the network without requiring privileges or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). While no exploits have been reported in the wild yet, the flaw is significant due to the widespread use of libexpat in many software products and embedded systems that rely on XML parsing. The vulnerability is categorized under CWE-190 (Integer Overflow or Wraparound), highlighting the root cause as an arithmetic overflow condition. The fix involves correcting the integer handling logic to prevent overflow and ensuring safe memory allocation. Since libexpat is a foundational library used in numerous applications and operating systems, the vulnerability's impact can be broad, especially on legacy 32-bit systems where the overflow condition is triggered.
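The wraparound described above, as an added illustration that is not libexpat's code: `size_t` is emulated as 32 bits so the behaviour is reproducible on any host, and the record size, function names and sample count are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Emulated 32-bit size_t, so the wraparound is reproducible on a 64-bit host. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Hypothetical size in bytes of one default-attribute record (assumption). */
#define ELEM_SIZE 12u

/* Unchecked size computation: the product is reduced modulo 2^32. */
size32_t unchecked_alloc_size(uint32_t count) {
    return (size32_t)(count * (uint32_t)ELEM_SIZE);
}

/* Same computation with a 64-bit size_t: a 32-bit count cannot wrap it. */
uint64_t alloc_size_64(uint32_t count) {
    return (uint64_t)count * ELEM_SIZE;
}

/* Checked computation: refuse any count whose byte size does not fit. */
int checked_alloc_size(uint32_t count, size32_t *out) {
    if (count > SIZE32_MAX / ELEM_SIZE)
        return 0;               /* would overflow: caller must fail the copy */
    *out = count * ELEM_SIZE;
    return 1;
}

int main(void) {
    uint32_t count = 357913942u;  /* constructed: smallest count that wraps */
    size32_t sz = 0;
    printf("unchecked 32-bit: %u bytes for %u records\n",
           (unsigned)unchecked_alloc_size(count), (unsigned)count);
    printf("64-bit size_t:    %llu bytes\n",
           (unsigned long long)alloc_size_64(count));
    printf("checked 32-bit:   %s\n",
           checked_alloc_size(count, &sz) ? "accepted" : "rejected");
    return 0;
}
```

With the unchecked form, the allocation is far smaller than the number of records the copy loop will write, which is the memory-corruption condition; the checked form fails the operation before any allocation happens.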

Potential Impact

The vulnerability impacts confidentiality, integrity, and availability by enabling memory corruption through integer overflow during XML parsing. European organizations using libexpat in critical infrastructure, embedded devices, or legacy 32-bit systems could face denial of service or potential remote code execution attacks. This is particularly concerning for sectors relying on XML for configuration, communication, or data exchange, such as telecommunications, industrial control systems, and government services. The lack of required authentication and user interaction increases the risk of automated exploitation attempts. Although no known exploits exist yet, the high CVSS score and ease of remote exploitation mean attackers could develop exploits rapidly. Disruption or compromise of systems processing XML data could lead to operational outages, data breaches, or manipulation of sensitive information, affecting business continuity and regulatory compliance within the European Union and other European countries.

Mitigation Recommendations

1. Immediately upgrade libexpat to version 2.6.3 or later, where the integer overflow issue is fixed.
2. Conduct an inventory of all software and devices using libexpat, especially embedded and legacy 32-bit systems, to identify vulnerable instances.
3. Apply patches or updates from vendors that incorporate the fixed libexpat version.
4. For systems where immediate upgrade is not feasible, implement network-level protections such as filtering or blocking suspicious XML traffic to reduce exposure.
5. Perform thorough testing of XML processing components to detect abnormal behavior or crashes that could indicate exploitation attempts.
6. Monitor security advisories and threat intelligence feeds for emerging exploits targeting this vulnerability.
7. Employ runtime protections like address space layout randomization (ASLR) and control flow integrity (CFI) to mitigate exploitation impact.
8. Review and harden XML input validation and parsing logic in dependent applications to minimize attack surface.


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2024-08-30T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 690a2dfef0ba78a050538c68

Added to database: 11/4/2025, 4:46:54 PM

Last enriched: 11/4/2025, 4:53:12 PM

Last updated: 11/5/2025, 2:05:59 PM
