本頁列出影響 libexpat_project libexpat 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-56412 | libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219. | [email protected] | 4.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56411 | xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations. | [email protected] | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56410 | xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId. | [email protected] | 6.9 | 0.11% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56409 | xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used. | [email protected] | 6.5 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56408 | libexpat before 2.8.2 has an integer overflow in copyString. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56407 | libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56406 | libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56405 | libexpat before 2.8.2 has an integer overflow in getAttributeId. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56404 | libexpat before 2.8.2 has an integer overflow in addBinding. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56403 | libexpat before 2.8.2 has an integer overflow in storeAtts. | [email protected] | 6.9 | 0.10% | 2026-06-21 | 2026-06-23 |
| CVE-2026-56132 | In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers. | [email protected] | 6.9 | 0.09% | 2026-06-19 | 2026-06-23 |
| CVE-2026-56131 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation). | [email protected] | 4.9 | 0.10% | 2026-06-19 | 2026-06-23 |
| CVE-2026-50219 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | [email protected] | 4.9 | 0.22% | 2026-06-04 | 2026-06-17 |
| CVE-2026-45186 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | [email protected] | 2.9 | 0.43% | 2026-05-10 | 2026-07-14 |
| CVE-2026-41080 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | [email protected] | 2.9 | 0.38% | 2026-04-16 | 2026-07-14 |
| CVE-2026-32778 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. | [email protected] | 2.9 | 0.14% | 2026-03-16 | 2026-07-14 |
| CVE-2026-32777 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | [email protected] | 4.0 | 0.21% | 2026-03-16 | 2026-07-14 |
| CVE-2026-32776 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | [email protected] | 4.0 | 0.14% | 2026-03-16 | 2026-07-14 |
| CVE-2026-25210 | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | [email protected] | 6.9 | 0.19% | 2026-01-30 | 2026-06-17 |
| CVE-2026-24515 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | [email protected] | 2.9 | 0.17% | 2026-01-23 | 2026-06-17 |