Lucene search
K

1281 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.24 views

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

...

5.9CVSS5.8AI score0.00218EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.24 views

libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.

...

5.9CVSS5.8AI score0.00218EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.6 views

libexpat before 2.8.2 has an integer overflow in storeAtts.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.5 views

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.17 views

libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:5 a.m.13 views

libexpat before 2.8.2 has an integer overflow in addBinding.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:4 a.m.4 views

libexpat before 2.8.2 has an integer overflow in getAttributeId.

...

6.9CVSS5.8AI score0.00102EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 6:29 p.m.7 views

CVE-2026-56132

A flaw was found in libexpat, a library used for parsing XML data. An attacker could exploit a heap-based buffer overflow, a type of memory error, by providing specially crafted XML input. This vulnerability occurs when the library mishandles memory reallocation while processing XML, particularly...

6.9CVSS6.2AI score0.00107EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.12 views

CVE-2026-56406

A flaw was found in libexpat. An integer overflow vulnerability exists in the XMLParseBuffer function due to a missing check. This flaw could allow an attacker to cause memory corruption, potentially leading to arbitrary code execution, information disclosure, or a denial of service. Mitigation...

6.9CVSS5.9AI score0.00102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/23 8:0 a.m.6 views

CVE-2026-56410

A flaw was found in libexpat. Specifically, the xmlwf utility contains an integer overflow vulnerability in its resolveSystemId function. This flaw could be exploited by an attacker to potentially gain unauthorized access to sensitive information or execute arbitrary code, leading to a compromise...

6.9CVSS6.1AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.7 views

CVE-2026-56412

A flaw was found in libexpat. This vulnerability, present in versions before 2.8.2, stems from improper handling of XML CDATA sections, where the library fails to adequately track the depth of handler calls. This can result in a 'use-after-free' error, a type of memory corruption that could allow...

5.9CVSS5.8AI score0.00105EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.7 views

CVE-2026-56411

A flaw was found in libexpat, a software library used for parsing XML Extensible Markup Language documents. An attacker could exploit an integer overflow vulnerability in the xmlwf utility by crafting malicious NOTATION declarations. This could lead to the disclosure of sensitive information or...

6.9CVSS5.9AI score0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.6 views

CVE-2026-56405

A flaw was found in libexpat. An integer overflow vulnerability exists within the getAttributeId function. This flaw could allow an attacker to potentially disclose sensitive information or execute arbitrary code, leading to a compromise of the system's integrity and confidentiality. Mitigation T...

6.9CVSS6AI score0.00102EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/22 7:32 p.m.5 views

CVE-2026-56403

A flaw was found in libexpat. An integer overflow vulnerability exists in the storeAtts function. This flaw could allow an attacker to corrupt memory, leading to a denial of service, information disclosure, or potentially arbitrary code execution, compromising the integrity and confidentiality of...

6.9CVSS6.1AI score0.00102EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.6 views

libexpat: denial of service via crafted XML input

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

7.5CVSS5.8AI score0.00428EPSS
Exploits1References5
OSV
OSV
added 2026/06/21 5:16 p.m.4 views

ALPINE-CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/06/21 5:16 p.m.14 views

CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/06/21 5:16 p.m.12 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

5.9CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 5:16 p.m.4 views

UBUNTU-CVE-2026-56411

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations...

6.9CVSS5.8AI score0.0011EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/21 5:11 p.m.17 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the getAttributeId function. An attacker can cause memory corruption or execute arbitrary code by providing specially crafted input that triggers an integer overflow. Remediation A fix was pushed into...

7.5CVSS6.2AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder