CVE-2026-25210

Medium CVSS: 6.9

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Vendor

Libexpat Project

Product

Libexpat

CWE

CWE-190

Yayın Tarihi

2026-01-30 07:16:15

Güncelleme

2026-03-10 18:17:12

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-190 Libexpat MEDIUM Libexpat Project 2026

Referanslar

https://github.com/libexpat/libexpat/pull/1075 https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7

Benzer Kayıtlar

Medium

CVE-2026-32776

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

Medium

CVE-2026-32777

libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

Low

CVE-2026-32778

libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memo…

Low

CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Low

CVE-2025-66382

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing…

High

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is…