Libexpat

libexpat

CVEs (49)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-7210 2Libexpat Project Python 2Libexpat Python Jun 1, 2026 May 11, 2026 6.3 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requir...Show more `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this vulnerability requires both updating libexpat to 2.8.0 or later and applying this patch.Show less
CVE-2026-45186 1Libexpat Project 1Libexpat May 14, 2026 May 10, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
CVE-2026-41080 1Libexpat Project 1Libexpat Apr 27, 2026 Apr 16, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
CVE-2026-32778 1Libexpat Project 1Libexpat Mar 17, 2026 Mar 16, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
CVE-2026-32777 1Libexpat Project 1Libexpat Mar 17, 2026 Mar 16, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
CVE-2026-32776 1Libexpat Project 1Libexpat Mar 17, 2026 Mar 16, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
CVE-2026-25210 1Libexpat Project 1Libexpat Jun 2, 2026 Jan 30, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVE-2026-24515 1Libexpat Project 1Libexpat Jun 2, 2026 Jan 23, 2026 N/A· v4 2.5 LOW· v3 N/A· v2 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2025-66382 1Libexpat Project 1Libexpat Jun 2, 2026 Nov 28, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
CVE-2025-59375 1Libexpat Project 1Libexpat May 12, 2026 Sep 15, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
CVE-2024-50602 3Debian Libexpat ProjectNetapp 12Active Iq Unified Manager Debian LinuxH300s Firmware+9 more Oct 15, 2025 Oct 27, 2024 N/A· v4 5.9 MEDIUM· v3 N/A· v2 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
CVE-2024-45492 1Libexpat Project 1Libexpat May 12, 2026 Aug 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45491 1Libexpat Project 1Libexpat May 12, 2026 Aug 30, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVE-2024-45490 1Libexpat Project 1Libexpat May 12, 2026 Aug 30, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVE-2024-28757 3Fedoraproject Libexpat ProjectNetapp 14Active Iq Unified Manager FedoraH300s Firmware+11 more Nov 4, 2025 Mar 10, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVE-2023-52426 1Libexpat Project 1Libexpat Nov 4, 2025 Feb 4, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVE-2023-52425 1Libexpat Project 1Libexpat Nov 4, 2025 Feb 4, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVE-2022-43680 4Debian FedoraprojectLibexpat Project+1 more 12Active Iq Unified Manager Debian LinuxFedora+9 more May 30, 2025 Oct 24, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-40674 3Debian FedoraprojectLibexpat Project 3Debian Linux FedoraLibexpat May 30, 2025 Sep 14, 2022 N/A· v4 8.1 HIGH· v3 N/A· v2 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-25315 5Debian FedoraprojectLibexpat Project+2 more 6Debian Linux FedoraHttp Server+3 more May 5, 2025 Feb 18, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

12 3 Next