Lucene search
K

98 matches found

Amazon
Amazon
added 2026/07/08 12:0 a.m.5 views

Important: expat

Issue Overview: In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. CVE-2026-56132 Affected Packages: expat Note: This advisory is applicable to...

6.9CVSS6.2AI score0.00107EPSS
Exploits0
OSV
OSV
added 2026/07/06 6:28 a.m.4 views

OESA-2026-2857 expat security update

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a poli...

6.9CVSS6.2AI score0.00135EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.8 views

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

...

6.9CVSS5.8AI score0.00107EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.5 views

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
NVD
NVD
added 2026/06/21 4:16 p.m.11 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

ALPINE-CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.4 views

UBUNTU-CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/21 3:49 p.m.33 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS0.00102EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 3:49 p.m.2 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS6AI score0.00102EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/21 3:49 p.m.4 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/21 3:49 p.m.4 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/21 3:49 p.m.11 views

EUVD-2026-38184

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References1
CVE
CVE
added 2026/06/21 3:49 p.m.80 views

CVE-2026-56407

CVE-2026-56407 affects libexpat prior to 2.8.2, with an integer overflow in doProlog related to storeEntityValue and entity textLen. The NVD entries confirm the issue and describe the vulnerability as an integer overflow in doProlog. The CVE entry indicates a medium base score (CVSS 3.1: AV=L, AC...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/21 3:49 p.m.6 views

CVE-2026-56407

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.10 views

PT-2026-51243

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the doProlog function, specifically related to storeEntityValue and the entity textLen variable. An integer overflow is a condition where an arithmetic operation attemp...

6.9CVSS5.8AI score0.00102EPSS
Exploits0References7
NVD
NVD
added 2026/06/19 6:17 a.m.15 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS0.00107EPSS
Exploits0References1
OSV
OSV
added 2026/06/19 6:17 a.m.4 views

ALPINE-CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS6AI score0.00107EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/19 5:3 a.m.7 views

Incorrect Synchronization

Overview Affected versions of this package are vulnerable to Incorrect Synchronization in the doProlog function in xmlparse.c due to improper handling of scaffold backing array reallocation when data structures are shared across multiple parsers. An attacker can achieve arbitrary code execution o...

7.5CVSS6.6AI score0.00107EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 3:0 a.m.40 views

CVE-2026-56132

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS0.00107EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 3:0 a.m.12 views

EUVD-2026-37977

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...

6.9CVSS5.6AI score0.00107EPSS
Exploits0References1
Rows per page
Query Builder