Libexpat Project: >> Libexpat >> 2.8.0 Security Vulnerabilities
libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,
CVSS Score
4.9
EPSS Score
0.001
Published
2026-06-04
In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.
CVSS Score
2.9
EPSS Score
0.005
Published
2026-05-10