VYPR

Libexpat

by Libexpat Project

Source repositories

CVEs (55)

  • CVE-2009-3560Dec 4, 2009
    risk 0.02cvss epss 0.24

    The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read,…

  • CVE-2009-3720Nov 3, 2009
    risk 0.02cvss epss 0.28

    The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that…

  • CVE-2026-56412Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix…

  • CVE-2026-56411Jun 21, 2026
    risk 0.00cvss epss 0.00

    xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.

  • CVE-2026-56410Jun 21, 2026
    risk 0.00cvss epss 0.00

    xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.

  • CVE-2026-56409Jun 21, 2026
    risk 0.00cvss epss 0.00

    xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.

  • CVE-2026-56408Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in copyString.

  • CVE-2026-56407Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

  • CVE-2026-56406Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

  • CVE-2026-56405Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in getAttributeId.

  • CVE-2026-56404Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in addBinding.

  • CVE-2026-56403Jun 21, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 has an integer overflow in storeAtts.

  • CVE-2026-56132Jun 19, 2026
    risk 0.00cvss epss 0.00

    In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

  • CVE-2026-56131Jun 19, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

  • CVE-2026-32778Mar 16, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

  • CVE-2026-32777Mar 16, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

  • CVE-2026-32776Mar 16, 2026
    risk 0.00cvss epss 0.00

    libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

  • CVE-2024-50602Oct 27, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.

  • CVE-2024-28757Mar 10, 2024
    risk 0.00cvss epss 0.02

    libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).

  • CVE-2023-52425Feb 4, 2024
    risk 0.00cvss epss 0.02

    libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.