Libexpat_project Libexpat
21 CVEs affecting Libexpat_project Libexpat. Latest disclosed: 2026-06-04. Critical: 4, High: 6.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-7210 | Critical | 9.8 | 2026-05-11 | `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger has… |
| CVE-2024-45492 | Critical | 9.8 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_M… |
| CVE-2024-45491 | Critical | 9.8 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equal… |
| CVE-2016-0718 | Critical | 9.8 | 2016-05-26 | Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a malformed input document, which triggers… |
| CVE-2016-4472 | High | 8.1 | 2016-06-30 | The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash)… |
| CVE-2017-11742 | High | 7.8 | 2017-07-30 | The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan hor… |
| CVE-2025-59375 | High | 7.5 | 2025-09-15 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. |
| CVE-2024-45490 | High | 7.5 | 2024-08-30 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
| CVE-2017-9233 | High | 7.5 | 2017-07-25 | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malfo… |
| CVE-2016-5300 | High | 7.5 | 2016-06-16 | The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU con… |
| CVE-2026-25210 | Medium | 6.9 | 2026-01-30 | In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer… |
| CVE-2012-6702 | Medium | 5.9 | 2016-06-16 | Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptograp… |
| CVE-2026-50219 | Medium | 4.9 | 2026-06-04 | libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within… |
| CVE-2026-45186 | Low | 2.9 | 2026-05-10 | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. |
| CVE-2026-24515 | Low | 2.9 | 2026-01-23 | In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. |
| CVE-2025-66382 | Low | 2.9 | 2025-11-28 | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. |
| CVE-2015-1283 | | | 2015-07-23 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote… |
| CVE-2013-0340 | | | 2014-01-21 | expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows… |
| CVE-2012-1148 | | | 2012-07-03 | Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory cons… |
| CVE-2012-1147 | | | 2012-07-03 | readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted… |