apk package
wolfi/expat-doc
pkg:apk/wolfi/expat-doc
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-56409 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | ||
| CVE-2026-56406 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | ||
| CVE-2026-56403 | — | < 2.8.2-r0 | 2.8.2-r0 | Jun 21, 2026 | libexpat before 2.8.2 has an integer overflow in storeAtts. | ||
| CVE-2022-43680 | — | < 0 | 0 | Oct 24, 2022 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | ||
| CVE-2022-40674 | — | < 0 | 0 | Sep 14, 2022 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. |
- CVE-2026-56409Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
- CVE-2026-56406Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
- CVE-2026-56403Jun 21, 2026affected < 2.8.2-r0fixed 2.8.2-r0
libexpat before 2.8.2 has an integer overflow in storeAtts.
- CVE-2022-43680Oct 24, 2022affected < 0fixed 0
In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
- CVE-2022-40674Sep 14, 2022affected < 0fixed 0
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.