86 matches found
Medium: thunderbird
Issue Overview: HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construc...
OESA-2026-1295 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no...
Security update for expat
This update for expat fixes the following issues: CVE-2026-24515: Fixed a null dereference in XMLExternalEntityParserCreate. bsc1257144 CVE-2026-25210: Fixed an integer overflow in doContent. bsc1257496 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...
MGASA-2026-0031 Updated expat packages fix security vulnerabilities
In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data. CVE-2026-24515 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
SUSE CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
expat -- multiple vulnerabilities
expat team reports: Update contains 2 security fixes: CVE-2026-24515: NULL dereference in function XMLExternalEntityParserCreate CVE-2026-25210: missing check for integer overflow in function doContent...
CVE-2026-25210
A flaw was found in libexpat. A local attacker could exploit an integer overflow vulnerability in the doContent function. This flaw occurs because the buffer size is not properly determined during tag buffer reallocation, which can lead to memory corruption. Successful exploitation may result in...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the doContent function in xmlparse.c. An attacker can cause memory corruption or potentially execute arbitrary code by providing specially crafted input that triggers an integer overflow. Remediation...
ALPINE-CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
AZL-76340 CVE-2026-25210 affecting package expat for versions less than 2.6.4-4
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
UBUNTU-CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
CVE-2026-25210
CVE-2026-25210 affects libexpat prior to 2.7.4, where doContent may miscompute bufSize due to missing integer overflow check during tag buffer reallocation. Multiple connected sources confirm the issue and reference a fix in updated expat releases; remediation is to update to a version including ...
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
EUVD-2026-5042
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
libexpat input validation vulnerability
libexpat is a streaming XML parser written in C language by the libexpat team. Versions of libexpat prior to 2.7.4 had a vulnerability related to input validation errors. This vulnerability stemmed from a lack of integer overflow checks in the doContent function, which could lead to incorrect...
CVE-2026-25210
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation...
PT-2026-5383
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.4 Description The doContent function in libexpat does not correctly calculate the buffer size bufSize when reallocating memory for tags, due to a missing integer overflow check. This can lead to potential issues...