99 matches found
Amazon Linux 2 : expat, --advisory ALAS2-2026-3495 (ALAS-2026-3495)
The version of expat installed on the remote host is prior to 2.1.0-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3495 advisory. In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocatio...
Important: expat
Issue Overview: In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. CVE-2026-56132 Affected Packages: expat Note: This advisory is applicable to...
OESA-2026-2857 expat security update
expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial. Security Fixes: libexpat before 2.8.2 lacks handler call depth tracking for calls to XMLResumeParser from within handlers in cases of a poli...
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
...
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
ALPINE-CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
UBUNTU-CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56407
CVE-2026-56407 affects libexpat prior to 2.8.2, with an integer overflow in doProlog related to storeEntityValue and entity textLen. The NVD entries confirm the issue and describe the vulnerability as an integer overflow in doProlog. The CVE entry indicates a medium base score (CVSS 3.1: AV=L, AC...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
EUVD-2026-38184
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
CVE-2026-56407
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen...
PT-2026-51243
Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description An integer overflow occurs in the doProlog function, specifically related to storeEntityValue and the entity textLen variable. An integer overflow is a condition where an arithmetic operation attemp...
ALPINE-CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...
CVE-2026-56132
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers...
Incorrect Synchronization
Overview Affected versions of this package are vulnerable to Incorrect Synchronization in the doProlog function in xmlparse.c due to improper handling of scaffold backing array reallocation when data structures are shared across multiple parsers. An attacker can achieve arbitrary code execution o...
CVE-2026-56132
CVE-2026-56132 affects libexpat prior to 2.8.2, where a heap-based buffer overflow occurs in doProlog within xmlparse.c due to mishandled reallocation of the scaffold backing array when data-structure sharing occurs across parsers. The CVSS metrics indicate a high impact on confidentiality and in...