MEDIUM🇬🇧 English

CVE-2026-56132

CVSS 6.9v3.1pub. 2026-06-19upd. 2026-06-23

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Libexpat Project Libexpat

    APP
    Libexpat Project
    < 2.8.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Memory
CWE
Referencje

Powiązane podatności

CVE-2024-45492CRITICAL9.8PL ✓ten sam produkt

Integer overflow w libexpat — podatność w nextScaffoldPart na platformach 32-bitowych

CVE-2024-45491CRITICAL9.8PL ✓ten sam produkt

Integer overflow w libexpat (dtdCopy) na platformach 32-bitowych

CVE-2022-25315CRITICAL9.8ten sam produkt

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25236CRITICAL9.8ten sam produkt

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...

CVE-2022-25235CRITICAL9.8ten sam produkt

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...