Vulnerabilities
Vulnerable Software
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVSS Score: 6.9; EPSS Score: 0.0; Published: 2026-01-30

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVSS Score: 2.9; EPSS Score: 0.0; Published: 2026-01-23

In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
CVSS Score: 2.9; EPSS Score: 0.0; Published: 2025-11-28

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
CVSS Score: 7.5; EPSS Score: 0.001; Published: 2025-09-15

An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
CVSS Score: 5.9; EPSS Score: 0.001; Published: 2024-10-27

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
CVSS Score: 7.5; EPSS Score: 0.005; Published: 2024-08-30

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVSS Score: 9.8; EPSS Score: 0.006; Published: 2024-08-30

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
CVSS Score: 9.8; EPSS Score: 0.012; Published: 2024-08-30

libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
CVSS Score: 7.5; EPSS Score: 0.009; Published: 2024-03-10

libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.
CVSS Score: 7.5; EPSS Score: 0.016; Published: 2024-02-04

