VYPR
Medium severity6.9OSV Advisory· Published Jan 30, 2026· Updated Jun 2, 2026

CVE-2026-25210

CVE-2026-25210

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17

Patches

Vulnerability mechanics

References

3

News mentions

1