3738 matches found
UBUNTU-CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
UBUNTU-CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
UBUNTU-CVE-2026-56406
libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...
UBUNTU-CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
UBUNTU-CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
CVE-2026-56412
In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...
EUVD-2026-38188
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...
CVE-2026-56409
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
EUVD-2026-38184
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56406
libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...
CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
CVE-2026-56404
CVE-2026-56404 affects libexpat before 2.8.2, where an integer overflow occurs in addBinding. This is the only detail provided; no exploitation or remediation information is included in the supplied documents.
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
Linux Distros Unpatched Vulnerability : CVE-2026-56405
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 has an integer overflow in getAttributeId. CVE-2026-56405 Note that Nessus relies on the presence of the package as reported by the vendor...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
The addBinding method in xmlparse.c within Expat also known as libexpat has an integer overflow issue before version 2.4.3...
Astra Linux – Vulnerability in libxmltok
In the libexpat library in ExPat before version 2.2.7, XML input containing XML elements with a large number of colons could cause the XML parser to consume a high amount of RAM and CPU resources during processing. This behavior could potentially be exploited in denial-of-service attacks...
Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok
In doProlog, within xmlparse.c of the Expat library also known as libexpat, there is an integer overflow issue related to mgroupSize before version 2.4.3...