apk package
wolfi/expat
pkg:apk/wolfi/expat
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-56412 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix fo | ||
| CVE-2026-56411 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | ||
| CVE-2026-56410 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | ||
| CVE-2026-56409 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | ||
| CVE-2026-56408 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in copyString. | ||
| CVE-2026-56405 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | ||
| CVE-2026-56404 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in addBinding. | ||
| CVE-2026-56403 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in storeAtts. | ||
| CVE-2026-56132 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 19, 2026 | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | ||
| CVE-2026-50219 | Med | 4.9 | < 2.8.2-r0 | 2.8.2-r0 | Jun 4, 2026 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | |
| CVE-2022-43680 | — | < 0 | 0 | Oct 24, 2022 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||
| CVE-2022-40674 | — | < 0 | 0 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
- CVE-2026-56412Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix fo
- CVE-2026-56411Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
- CVE-2026-56410Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
- CVE-2026-56409Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
- CVE-2026-56408Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in copyString.
- CVE-2026-56405Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in getAttributeId.
- CVE-2026-56404Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in addBinding.
- CVE-2026-56403Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in storeAtts.
- CVE-2026-56132Jun 19, 2026affected < 2.8.2-r0fixed 2.8.2-r0
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
- affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
- CVE-2022-43680Oct 24, 2022affected < 0fixed 0
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-40674Sep 14, 2022affected < 0fixed 0
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.