562 matches found
ROOT-OS-DEBIAN-12-CVE-2026-41080 CVE-2026-41080 in rootio-expat - Patched by Root
Root has patched CVE-2026-41080 in the rootio-expat package for Root:Debian:12. Multiple fixed versions available...
GHSA-XQW9-F65G-5QXW vulnerabilities
Vulnerabilities for packages: expat...
CVE-2026-56404 vulnerabilities
Vulnerabilities for packages: expat...
Astra Linux – Vulnerability in expat
In libexpat before version 2.7.4, the doContent function does not properly determine the buffer size bufSize, as there is no check for integer overflow during the reallocation of the tag buffer...
UBUNTU-CVE-2026-56412
libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
ALPINE-CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
ALPINE-CVE-2026-56404
libexpat before 2.8.2 has an integer overflow in addBinding...
CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
UBUNTU-CVE-2026-56403
libexpat before 2.8.2 has an integer overflow in storeAtts...
UBUNTU-CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
UBUNTU-CVE-2026-56406
libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...
CVE-2026-56412
In the connected CVE data, libexpat before 2.8.2 is affected: the XML_TOK_DATA_CHARS handling in doCdataSection lacks proper handler call depth tracking, enabling a use-after-free under certain policy violations. This stems from an incomplete fix for CVE-2026-50219. CVSS indicates LOCAL attack ve...
EUVD-2026-38188
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...
CVE-2026-56410
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId...
CVE-2026-56409
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...
EUVD-2026-38184
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56406
libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse...
CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...
CVE-2026-56405
libexpat before 2.8.2 has an integer overflow in getAttributeId...