Known Vulnerabilities for products from Libexpat Project
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Libexpat Project".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-56412 json | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for v... | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56411 json | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56410 json | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56409 json | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56408 json | libexpat before 2.8.2 has an integer overflow in copyString. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56407 json | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56406 json | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56405 json | libexpat before 2.8.2 has an integer overflow in getAttributeId. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56404 json | libexpat before 2.8.2 has an integer overflow in addBinding. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56403 json | libexpat before 2.8.2 has an integer overflow in storeAtts. | Not Provided | 2026-06-21 | 2026-06-23 |
| CVE-2026-56132 json | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array real... | Not Provided | 2026-06-19 | 2026-06-23 |
| CVE-2026-56131 json | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a poli... | Not Provided | 2026-06-19 | 2026-06-23 |
| CVE-2026-50219 json | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFre... | Not Provided | 2026-06-04 | 2026-06-04 |
| CVE-2026-45186 json | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via mode... | Not Provided | 2026-05-10 | 2026-06-30 |
| CVE-2026-41080 json | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | Not Provided | 2026-04-16 | 2026-06-12 |
| CVE-2026-25210 json | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no inte... | Not Provided | 2026-01-30 | 2026-06-02 |
| CVE-2026-24515 json | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | Not Provided | 2026-01-23 | 2026-06-02 |
| CVE-2025-66382 json | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | Not Provided | 2025-11-28 | 2026-06-02 |
| CVE-2025-59375 json | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is subm... | Not Provided | 2025-09-15 | 2026-05-12 |
| CVE-2024-45492 json | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize... | Not Provided | 2024-08-30 | 2026-05-12 |
Known software with vulnerabilities from Libexpat Project
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Libexpat Project | Libexpat | - |