VYPR
Vendor: Libexpat Project

Products: 4
CVEs: 63
Across products: 74
Status: Private

Recent CVEs (63)

  • CVE-2016-0718 | Critical | May 26, 2016
    risk 0.65 | cvss 9.8 | epss 0.13

    Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers a buffer overflow.

  • CVE-2024-45492 | Critical | Aug 30, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2024-45491 | Critical | Aug 30, 2024
    risk 0.64 | cvss 9.8 | epss 0.01

    An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

  • CVE-2016-9063 | Critical | Jun 11, 2018
    risk 0.57 | cvss 9.8 | epss 0.06

    An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.

  • CVE-2016-4472 | High | Jun 30, 2016
    risk 0.54 | cvss 8.1 | epss 0.12

    The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix…

  • CVE-2017-11742 | High | Jul 30, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hijacking.

  • CVE-2024-45490 | High | Aug 30, 2024
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

  • CVE-2017-9233 | High | Jul 25, 2017
    risk 0.49 | cvss 7.5 | epss 0.09

    XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.

  • CVE-2016-5300 | High | Jun 16, 2016
    risk 0.49 | cvss 7.5 | epss 0.07

    The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an XML document. NOTE: this vulnerability exists because of an incomplete fix for…

  • CVE-2025-59375 | High | Sep 15, 2025
    risk 0.42 | cvss 7.5 | epss 0.01

    libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

  • CVE-2024-8176 | High | Mar 14, 2025
    risk 0.42 | cvss 7.5 | epss 0.02

    A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and…

  • CVE-2012-6702 | Medium | Jun 16, 2016
    risk 0.39 | cvss 5.9 | epss 0.02

    Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors involving use of the srand function.

  • CVE-2026-25210 | Medium | Jan 30, 2026
    risk 0.38 | cvss 6.9 | epss 0.00

    In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

  • CVE-2026-50219 | Medium | Jun 4, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

  • CVE-2025-66382 | Low | Nov 28, 2025
    risk 0.19 | cvss 2.9 | epss 0.00

    In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.

  • CVE-2026-45186 | Low | May 10, 2026
    risk 0.12 | cvss 2.9 | epss 0.00

    In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.

  • CVE-2026-41080 | Low | Apr 16, 2026
    risk 0.12 | cvss 2.9 | epss 0.00

    libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.

  • CVE-2026-24515 | Low | Jan 23, 2026
    risk 0.12 | cvss 2.9 | epss 0.00

    In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

  • CVE-2022-25236 | Feb 16, 2022
    risk 0.03 | cvss | epss 0.34

    xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

  • CVE-2015-1283 | Jul 23, 2015
    risk 0.02 | cvss | epss 0.19

    Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via…