libexpat_project libexpat CVE 漏洞(61)

CVE 數: 61 CPE versions: View versions table

摘要

本頁列出影響 libexpat_project libexpat 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。

顯示 12061 CVE 數
«« 第一頁 « 上一頁 第 1 / 4 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-56412 libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. [email protected] 4.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56411 xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. [email protected] 6.9 0.11% 2026-06-21 2026-06-23
CVE-2026-56410 xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. [email protected] 6.9 0.11% 2026-06-21 2026-06-23
CVE-2026-56409 xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. [email protected] 6.5 0.10% 2026-06-21 2026-06-23
CVE-2026-56408 libexpat before 2.8.2 has an integer overflow in copyString. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56407 libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56406 libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56405 libexpat before 2.8.2 has an integer overflow in getAttributeId. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56404 libexpat before 2.8.2 has an integer overflow in addBinding. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56403 libexpat before 2.8.2 has an integer overflow in storeAtts. [email protected] 6.9 0.10% 2026-06-21 2026-06-23
CVE-2026-56132 In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. [email protected] 6.9 0.09% 2026-06-19 2026-06-23
CVE-2026-56131 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). [email protected] 4.9 0.10% 2026-06-19 2026-06-23
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, [email protected] 4.9 0.22% 2026-06-04 2026-06-17
CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. [email protected] 2.9 0.43% 2026-05-10 2026-07-14
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. [email protected] 2.9 0.38% 2026-04-16 2026-07-14
CVE-2026-32778 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. [email protected] 2.9 0.14% 2026-03-16 2026-07-14
CVE-2026-32777 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. [email protected] 4.0 0.21% 2026-03-16 2026-07-14
CVE-2026-32776 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. [email protected] 4.0 0.14% 2026-03-16 2026-07-14
CVE-2026-25210 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. [email protected] 6.9 0.19% 2026-01-30 2026-06-17
CVE-2026-24515 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. [email protected] 2.9 0.17% 2026-01-23 2026-06-17
«« 第一頁 « 上一頁 第 1 / 4 頁 下一頁 »
cvelogic Threat Intelligence