彙總 libexpat_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 緩衝區溢位、XXE、記憶體損壞與跨站腳本,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰、記憶體損壞與工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-50219 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, | [email protected] | 4.9 | 0.10% | 2026-06-04 | 2026-06-04 |
| CVE-2026-45186 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | [email protected] | 2.9 | 0.50% | 2026-05-10 | 2026-05-14 |
| CVE-2026-41080 | libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | [email protected] | 2.9 | 0.38% | 2026-04-16 | 2026-06-12 |
| CVE-2026-32778 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. | [email protected] | 2.9 | 0.14% | 2026-03-16 | 2026-03-17 |
| CVE-2026-32777 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | [email protected] | 4.0 | 0.21% | 2026-03-16 | 2026-03-17 |
| CVE-2026-32776 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | [email protected] | 4.0 | 0.14% | 2026-03-16 | 2026-03-17 |
| CVE-2026-25210 | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | [email protected] | 6.9 | 0.19% | 2026-01-30 | 2026-06-02 |
| CVE-2026-24515 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | [email protected] | 2.9 | 0.17% | 2026-01-23 | 2026-06-02 |
| CVE-2025-66382 | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | [email protected] | 2.9 | 0.18% | 2025-11-28 | 2026-06-02 |
| CVE-2025-59375 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | [email protected] | 7.5 | 1.24% | 2025-09-15 | 2026-05-12 |
| CVE-2024-50602 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | [email protected] | 5.9 | 1.04% | 2024-10-27 | 2025-10-15 |
| CVE-2024-45492 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | [email protected] | 9.8 | 1.39% | 2024-08-30 | 2026-05-12 |
| CVE-2024-45491 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | [email protected] | 9.8 | 1.14% | 2024-08-30 | 2026-05-12 |
| CVE-2024-45490 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | [email protected] | 7.5 | 1.69% | 2024-08-30 | 2026-05-12 |
| CVE-2024-28757 | libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | [email protected] | 7.5 | 2.01% | 2024-03-10 | 2025-11-04 |
| CVE-2023-52426 | libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | [email protected] | 5.5 | 0.37% | 2024-02-04 | 2025-11-04 |
| CVE-2023-52425 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | [email protected] | 7.5 | 1.81% | 2024-02-04 | 2025-11-04 |
| CVE-2022-43680 | In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. | [email protected] | 7.5 | 2.24% | 2022-10-24 | 2025-05-30 |
| CVE-2022-40674 | libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | [email protected] | 8.1 | 1.64% | 2022-09-14 | 2025-05-30 |
| CVE-2022-25315 | In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. | [email protected] | 9.8 | 4.78% | 2022-02-18 | 2025-05-05 |