Libexpat Project: >> Libexpat >> 2.7.4 Security Vulnerabilities
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
CVSS Score
4.9
EPSS Score
0.001
Published
2026-06-04
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
CVSS Score
2.9
EPSS Score
0.005
Published
2026-05-10
libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.
CVSS Score
2.9
EPSS Score
0.004
Published
2026-04-16
libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.
CVSS Score
4.0
EPSS Score
0.001
Published
2026-03-16
libexpat before 2.7.5 allows an infinite loop while parsing DTD content.
CVSS Score
4.0
EPSS Score
0.002
Published
2026-03-16
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
CVSS Score
2.9
EPSS Score
0.001
Published
2026-03-16