Medium severity 6.9 · OSV Advisory · Published Jan 30, 2026 · Updated Jun 2, 2026
CVE-2026-25210
Description
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Affected products: 17
REC1_0, R_1_95_0, R_1_95_2, … + 2 more
- (no CPE) range: REC1_0, R_1_95_0, R_1_95_2, …
- cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:* range: <2.7.4
- (no CPE) range: <2.7.4
- osv-coords, 14 versions:
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/expat&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.0
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.1
  - pkg:rpm/suse/expat&distro=SUSE%20Linux%20Micro%206.2
< 2.7.1-150400.3.34.1 + 13 more
- (no CPE) range: < 2.7.1-150400.3.34.1
- (no CPE) range: < 2.7.1-160000.4.1
- (no CPE) range: < 2.7.4-1.1
- (no CPE) range: < 2.7.1-150000.3.42.1
- (no CPE) range: < 2.7.1-150400.3.34.1
- (no CPE) range: < 2.7.1-150400.3.34.1
- (no CPE) range: < 2.7.1-150400.3.34.1
- (no CPE) range: < 2.7.1-150700.3.9.2
- (no CPE) range: < 2.7.1-160000.4.1
- (no CPE) range: < 2.7.1-160000.4.1
- (no CPE) range: < 2.7.1-21.49.1
- (no CPE) range: < 2.7.1-4.1
- (no CPE) range: < 2.7.1-slfo.1.1_4.1
- (no CPE) range: < 2.7.1-160000.4.1
References: 3
News mentions: 1
- Hitachi Energy RTU500 (CISA ICS Advisories)