VYPR

apk package

wolfi/libexpat1

pkg:apk/wolfi/libexpat1

Vulnerabilities (14)

  • CVE-2026-56412Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix fo

  • CVE-2026-56411Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

  • CVE-2026-56410Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

  • CVE-2026-56409Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

  • CVE-2026-56408Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 has an integer overflow in copyString.

  • CVE-2026-56406Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

  • CVE-2026-56405Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 has an integer overflow in getAttributeId.

  • CVE-2026-56404Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 has an integer overflow in addBinding.

  • CVE-2026-56403Jun 21, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 has an integer overflow in storeAtts.

  • CVE-2026-56132Jun 19, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

  • CVE-2026-56131Jun 19, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

  • CVE-2026-50219MedJun 4, 2026
    affected < 2.8.2-r0fixed 2.8.2-r0

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

  • CVE-2022-43680Oct 24, 2022
    affected < 0fixed 0

    In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.

  • CVE-2022-40674Sep 14, 2022
    affected < 0fixed 0

    libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.