expat: Fix of CVE-2026-25210

🗓️ 23 Mar 2026 14:52:23Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 6 Views

Expat fix for memory corruption caused by integer overflow in doContent during tag buffer reallocation.

Reporter	Title	Published	Views	Family All 199
FreeBSD	expat -- multiple vulnerabilities	31 Jan 202600:00	–	freebsd
IBM Security Bulletins	Security Bulletin: AIX/VIOS Python is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)	17 Mar 202622:03	–	ibm
IBM Security Bulletins	Security Bulletin: AIX/VIOS Perl is vulnerable to a null pointer dereference (CVE-2026-24515) and an integer overflow (CVE-2026-25210)	17 Mar 202622:04	–	ibm
ATTACKERKB	CVE-2026-25210	30 Jan 202606:40	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : firefox (ALAS2023-2026-1424)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : expat, expat-devel, expat-static (ALAS2023-2026-1425)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : expat, --advisory ALAS2-2026-3170 (ALAS-2026-3170)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : thunderbird, --advisory ALAS2-2026-3171 (ALAS-2026-3171)	19 Feb 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox, --advisory ALAS2FIREFOX-2026-051 (ALASFIREFOX-2026-051)	19 Feb 202600:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : expat (EulerOS-SA-2026-2018)	6 Jun 202600:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	i686	expat	2.0.1	expat-2.0.1-13.el6_8.tuxcare.els7.src.rpm
Centos	6	x86_64	expat	2.0.1	expat-2.0.1-13.el6_8.tuxcare.els7.src.rpm
Centos	6	i686	expat-devel	2.0.1	expat-2.0.1-13.el6_8.tuxcare.els7.src.rpm
Centos	6	x86_64	expat-devel	2.0.1	expat-2.0.1-13.el6_8.tuxcare.els7.src.rpm

23 Mar 2026 14:52Current

6Medium risk

Vulners AI Score6

CVSS 3.16.9 - 7.8

EPSS0.00186

SSVC

expat memory corruption integer overflow doContent tag buffer reallocation unix