Skip to main content

Libexpat CVE-2026-25210

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2026-01-30 cve@mitre.org
6.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.9 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
SUSE
MEDIUM
qualitative
Red Hat
6.9 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 22:00 vuln.today
Patch released
Mar 10, 2026 - 18:17 nvd
Patch available
CVE Published
Jan 30, 2026 - 07:16 nvd
MEDIUM 6.9

DescriptionCVE.org

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

AnalysisAI

Libexpat versions before 2.7.4 are vulnerable to integer overflow in the doContent function during tag buffer reallocation, enabling local attackers with no privileges to achieve high-impact confidentiality and integrity violations. The flaw stems from missing overflow validation when calculating buffer sizes, allowing memory corruption that could lead to information disclosure or code execution. A patch is available for affected systems.

Technical ContextAI

Classified as CWE-190 (Integer Overflow or Wraparound). Affects Libexpat. In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

RemediationAI

A vendor patch is available — apply it immediately.

CVE-2022-25315 CRITICAL POC
9.8 Feb 18

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8),

CVE-2017-9233 HIGH POC
7.5 Jul 25

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the p

CVE-2026-45186 HIGH POC
7.5 May 10

Denial of service in libexpat before 2.8.1 lets remote attackers exhaust CPU by submitting moderately sized crafted XML

CVE-2022-43680 HIGH POC
7.5 Oct 24

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEnti

CVE-2019-15903 HIGH POC
7.5 Sep 04

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too

CVE-2013-0340 MEDIUM POC
6.8 Jan 21

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetE

CVE-2016-0718 CRITICAL
9.8 May 26

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a m

CVE-2024-45492 CRITICAL
9.8 Aug 30

An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2024-45491 CRITICAL
9.8 Aug 30

An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2016-4472 HIGH
8.1 Jun 30

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attacke

CVE-2022-40674 HIGH
8.1 Sep 14

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this

CVE-2016-5300 HIGH
7.5 Jun 16

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attacker

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container private-registry/harbor-portal:1.1.1-1.31 Container private-registry/harbor-trivy-adapter:1.1.1-1.32 Image SLES15-SP7-CHOST-BYOS-Aliyun Image SLES15-SP7-CHOST-BYOS-Azure Image SLES15-SP7-CHOST-BYOS-EC2 Image SLES15-SP7-CHOST-BYOS-GCE Image SLES15-SP7-CHOST-BYOS-GDC Image SLES15-SP7-CHOST-BYOS-SAP-CCloud Image SLES15-SP7-GCE-3P Image pr_15_7 Image proxy-httpd-image Image proxy-salt-broker-image Image proxy-squid-image Image proxy-ssh-image Image proxy-tftpd-image Image server-database-migration-image Image server-hub-xmlrpc-api-image Image server-image Image server-saline-image Affected
Container suse/ltss/sle12.5/sles12sp5:8.5.201 Affected
Container suse/manager/4.3/proxy-httpd:4.3.16.2.9.73.20 Container suse/manager/4.3/proxy-salt-broker:4.3.16.2.9.63.21 Container suse/manager/4.3/proxy-ssh:4.3.16.2.9.63.14 Container suse/manager/4.3/proxy-tftpd:4.3.16.2.9.63.15 Container suse/manager/5.0/x86_64/proxy-httpd:latest Container suse/manager/5.0/x86_64/proxy-salt-broker:latest Container suse/manager/5.0/x86_64/proxy-ssh:latest Container suse/manager/5.0/x86_64/proxy-tftpd:latest Container suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container suse/manager/5.0/x86_64/server-migration-14-16:latest Container suse/manager/5.0/x86_64/server:latest Container suse/sle-micro/base-5.5:2.0.4-5.8.249 Container suse/sle-micro/kvm-5.5:2.0.4-3.5.478 Image SLES15-SP4-HPC-BYOS Image SLES15-SP4-HPC-BYOS-EC2 Image SLES15-SP4-HPC-EC2 Image SLES15-SP4-Hardened-BYOS Image SLES15-SP4-Hardened-BYOS-EC2 Image SLES15-SP5-HPC-BYOS-EC2 Image SLES15-SP5-Hardened-BYOS-EC2 Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.123 Affected
Container suse/sl-micro/6.0/base-os-container:2.1.3-7.92 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.110 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.124 Container suse/sl-micro/6.0/toolbox:13.2-9.65 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.2 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.78 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.80 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.71 Image SL-Micro Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected

Share

CVE-2026-25210 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy