
4 matches found

OSV
added 2026/02/06 3:54 p.m., 4 views

OESA-2026-1295 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no...

CVSS 7.8, AI score 5.7, EPSS 0.00007
Exploits: 0, References: 2
Positive Technologies
added 2026/01/30 12:0 a.m., 2 views

PT-2026-5383

Name of the Vulnerable Software and Affected Versions: libexpat versions prior to 2.7.4. Description: The doContent function in libexpat does not correctly calculate the buffer size bufSize when reallocating memory for tags, due to a missing integer overflow check. This can lead to potential issues...

CVSS 9.8, AI score 5.6, EPSS 0.00007
Exploits: 0
RedHat Linux
added 2022/10/18 12:49 p.m., 2 views

expat: a use-after-free in the doContent function in xmlparse.c

A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...

CVSS 8.1, AI score 7.6, EPSS 0.00915
Exploits: 0, References: 6
RedHat Linux
added 2022/10/06 12:25 p.m., 2 views

expat: a use-after-free in the doContent function in xmlparse.c

A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XMLResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...

CVSS 8.1, AI score 7.6, EPSS 0.00915
Exploits: 0, References: 6