MEDIUM🇵🇱 Wersja polska

CVE-2026-56132

CVSS 6.9v3.1pub. 2026-06-19upd. 2026-06-23

In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.

CVSS Vector
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
  • Libexpat Project Libexpat

    APP
    Libexpat Project
    < 2.8.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2024-45492CRITICAL9.8PL ✓ten sam produkt

Integer overflow w libexpat — podatność w nextScaffoldPart na platformach 32-bitowych

CVE-2024-45491CRITICAL9.8PL ✓ten sam produkt

Integer overflow w libexpat (dtdCopy) na platformach 32-bitowych

CVE-2022-25315CRITICAL9.8ten sam produkt

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

CVE-2022-25236CRITICAL9.8ten sam produkt

xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into...

CVE-2022-25235CRITICAL9.8ten sam produkt

xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for wh...