Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-59375 | 1 Libexpat Project | 1 Libexpat | 2026-05-01 | N/A | 7.5 HIGH |
| libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | |||||
| CVE-2012-1148 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2026-04-29 | 5.0 MEDIUM | N/A |
| Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (memory consumption) via a large number of crafted XML files that cause improperly-handled reallocation failures when expanding entities. | |||||
| CVE-2012-0876 | 6 Canonical, Debian, Libexpat Project and 3 more | 11 Ubuntu Linux, Debian Linux, Libexpat and 8 more | 2026-04-29 | 4.3 MEDIUM | N/A |
| The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value. | |||||
| CVE-2013-0340 | 3 Apple, Libexpat Project, Python | 7 Ipados, Iphone Os, Macos and 4 more | 2026-04-29 | 6.8 MEDIUM | N/A |
| expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. | |||||
| CVE-2012-1147 | 2 Apple, Libexpat Project | 2 Mac Os X, Libexpat | 2026-04-29 | 4.3 MEDIUM | N/A |
| readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. | |||||
| CVE-2026-41080 | 1 Libexpat Project | 1 Libexpat | 2026-04-27 | N/A | 2.9 LOW |
| libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | |||||
| CVE-2009-3720 | 4 A M Kuchling, Apache, Libexpat Project and 1 more | 4 Pyxml, Http Server, Libexpat and 1 more | 2026-04-23 | 5.0 MEDIUM | N/A |
| The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625. | |||||
| CVE-2009-3560 | 3 Apache, Libexpat Project, Xmltwig | 3 Http Server, Libexpat, Xml-twig For Perl | 2026-04-23 | 5.0 MEDIUM | N/A |
| The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720. | |||||
| CVE-2026-32778 | 1 Libexpat Project | 1 Libexpat | 2026-03-17 | N/A | 2.9 LOW |
| libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. | |||||
| CVE-2026-32777 | 1 Libexpat Project | 1 Libexpat | 2026-03-17 | N/A | 4.0 MEDIUM |
| libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | |||||
| CVE-2026-32776 | 1 Libexpat Project | 1 Libexpat | 2026-03-17 | N/A | 4.0 MEDIUM |
| libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | |||||
| CVE-2026-25210 | 1 Libexpat Project | 1 Libexpat | 2026-03-10 | N/A | 6.9 MEDIUM |
| In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | |||||
| CVE-2026-24515 | 1 Libexpat Project | 1 Libexpat | 2026-02-05 | N/A | 2.9 LOW |
| In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. | |||||
| CVE-2025-66382 | 1 Libexpat Project | 1 Libexpat | 2025-12-19 | N/A | 2.9 LOW |
| In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | |||||
| CVE-2024-28757 | 3 Fedoraproject, Libexpat Project, Netapp | 21 Fedora, Libexpat, Active Iq Unified Manager and 18 more | 2025-11-04 | N/A | 7.5 HIGH |
| libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). | |||||
| CVE-2023-52426 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 5.5 MEDIUM |
| libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time. | |||||
| CVE-2023-52425 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 7.5 HIGH |
| libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | |||||
| CVE-2024-45492 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |||||
| CVE-2024-45491 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 9.8 CRITICAL |
| An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |||||
| CVE-2024-45490 | 1 Libexpat Project | 1 Libexpat | 2025-11-04 | N/A | 7.5 HIGH |
| An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. | |||||