汇总 libexpat_project 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 缓冲区溢出、内存损坏、XXE与跨站脚本,在 软件部署与生产负载 使用场景中可能带来 应用崩溃、内存损坏与会话劫持 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-56412 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | [email protected] | 4.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56411 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | [email protected] | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56410 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | [email protected] | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56409 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | [email protected] | 6.5 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56408 | libexpat before 2.8.2 has an integer overflow in copyString. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56407 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56406 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56405 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56404 | libexpat before 2.8.2 has an integer overflow in addBinding. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56403 | libexpat before 2.8.2 has an integer overflow in storeAtts. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56132 | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | [email protected] | 6.9 | 0.09% | 2026-06-19 | 2026-06-23 |
| CVE-2026-56131 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). | [email protected] | 4.9 | 0.10% | 2026-06-19 | 2026-06-23 |
| CVE-2026-50219 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | [email protected] | 4.9 | 0.22% | 2026-06-04 | 2026-06-17 |
| CVE-2026-45186 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | [email protected] | 2.9 | 0.31% | 2026-05-10 | 2026-06-17 |
| CVE-2026-41080 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | [email protected] | 2.9 | 0.38% | 2026-04-16 | 2026-06-17 |
| CVE-2026-32778 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. | [email protected] | 2.9 | 0.14% | 2026-03-16 | 2026-06-17 |
| CVE-2026-32777 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | [email protected] | 4.0 | 0.21% | 2026-03-16 | 2026-06-17 |
| CVE-2026-32776 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | [email protected] | 4.0 | 0.14% | 2026-03-16 | 2026-06-17 |
| CVE-2026-25210 | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | [email protected] | 6.9 | 0.19% | 2026-01-30 | 2026-06-17 |
| CVE-2026-24515 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | [email protected] | 2.9 | 0.17% | 2026-01-23 | 2026-06-17 |