Skip to main content

Libexpat CVE-2026-32776

| EUVDEUVD-2026-12347 MEDIUM
NULL Pointer Dereference (CWE-476)
2026-03-16 mitre
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
6.2 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
CVSS changed
Jul 14, 2026 - 13:22 NVD
4.0 (MEDIUM) 5.5 (MEDIUM)
Patch available
Apr 16, 2026 - 05:29 EUVD
2.7.5
EUVD ID Assigned
Mar 16, 2026 - 09:00 euvd
EUVD-2026-12347
Analysis Generated
Mar 16, 2026 - 09:00 vuln.today
CVE Published
Mar 16, 2026 - 06:54 nvd
MEDIUM 4.0

DescriptionNVD

libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

AnalysisAI

libexpat before version 2.7.5 contains a NULL pointer dereference vulnerability triggered by malformed XML containing empty external parameter entity content, resulting in denial of service through application crashes. The vulnerability affects all versions of libexpat prior to 2.7.5 across multiple platforms and applications that embed this XML parsing library. An attacker with local access can craft a malicious XML document to crash any application using vulnerable libexpat, though the impact is limited to availability (CVSS 4.0) with no code execution or data compromise possible.

Technical ContextAI

libexpat is a widely-used C library for parsing XML documents, commonly embedded in applications, programming language bindings (Python, Perl, Ruby), and system utilities. The vulnerability (CWE-476: NULL Pointer Dereference) occurs in the XML entity processing logic when the parser encounters an external parameter entity with empty or malformed content. Rather than gracefully handling this edge case, the parser attempts to dereference a NULL pointer, leading to an immediate segmentation fault. This is a memory safety issue in the entity expansion and validation code path that fails to perform proper bounds checking or NULL validation before dereferencing entity content pointers.

RemediationAI

Upgrade libexpat to version 2.7.5 or later immediately. For system packages, use your distribution's package manager (apt upgrade libexpat1, yum update expat, etc.). For embedded copies in applications, rebuild applications linked against the patched libexpat version. If immediate patching is impossible, implement input validation at the application layer to reject XML documents with suspicious entity definitions, and restrict file system access to untrusted users to prevent local XML file creation. Monitor application logs for segmentation faults or parsing errors as indicators of exploitation attempts. Verify remediation by checking libexpat version post-patch (expat-config --version or rpm -q expat).

CVE-2022-25315 CRITICAL POC
9.8 Feb 18

In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames. Rated critical severity (CVSS 9.8),

CVE-2017-9233 HIGH POC
7.5 Jul 25

XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the p

CVE-2026-45186 HIGH POC
7.5 May 10

Denial of service in libexpat before 2.8.1 lets remote attackers exhaust CPU by submitting moderately sized crafted XML

CVE-2022-43680 HIGH POC
7.5 Oct 24

In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEnti

CVE-2019-15903 HIGH POC
7.5 Sep 04

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too

CVE-2013-0340 MEDIUM POC
6.8 Jan 21

expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetE

CVE-2016-0718 CRITICAL
9.8 May 26

Expat allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a m

CVE-2024-45492 CRITICAL
9.8 Aug 30

An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2024-45491 CRITICAL
9.8 Aug 30

An issue was discovered in libexpat before 2.6.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2016-4472 HIGH
8.1 Jun 30

The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attacke

CVE-2022-40674 HIGH
8.1 Sep 14

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. Rated high severity (CVSS 8.1), this

CVE-2016-5300 HIGH
7.5 Jun 16

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attacker

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
Container suse/ltss/sle12.5/sles12sp5:8.5.217 Affected
Container suse/manager/4.3/proxy-httpd:latest Container suse/manager/4.3/proxy-salt-broker:4.3.17.9.66.5 Container suse/manager/4.3/proxy-ssh:latest Container suse/manager/4.3/proxy-tftpd:4.3.17.9.66.5 Container suse/sle-micro/base-5.5:latest Container suse/sle-micro/kvm-5.5:latest Image SLES15-SP5-Micro-5-5 Image SLES15-SP5-Micro-5-5-Azure Affected
Container suse/sl-micro/6.0/baremetal-os-container:2.1.3-6.156 Container suse/sl-micro/6.0/base-os-container:2.1.3-7.123 Container suse/sl-micro/6.0/kvm-os-container:2.1.3-6.140 Container suse/sl-micro/6.0/rt-os-container:2.1.3-7.154 Container suse/sl-micro/6.0/toolbox:13.2-9.91 Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.86 Container suse/sl-micro/6.1/base-os-container:2.2.1-5.110 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.112 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.100 Image SL-Micro Affected
Container suse/sle-micro-rancher/5.2:latest Container suse/sle-micro/5.2/toolbox:14.2-7.11.264 Affected
Container suse/sles/16.0/toolbox:16.3-1.42 Affected

Share

CVE-2026-32776 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy