Description
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
Published: 2026-01-23
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Apply Patch
AI Analysis

Impact

The vulnerability resides in libexpat. XML_ExternalEntityParserCreate builds a child parser for an external entity and carries the parent parser's registered handlers over to it, but before 2.7.4 it copied the unknown encoding handler without the user-data pointer that was registered alongside it. When the child parser then meets an encoding declaration the library does not handle natively, the application's handler is invoked with a null user-data pointer instead of the data it expects; a handler that dereferences that pointer crashes the process. The weakness is classified as CWE-476 (NULL Pointer Dereference), and the impact is denial of service.

Affected Systems

All libexpat releases older than 2.7.4 carry the defect. An application is exposed only when it registers an unknown encoding handler together with non-null user data and parses external entities through a parser created with XML_ExternalEntityParserCreate, which is how web servers, document processors and other XML-handling software that resolve external entities typically do so. Such applications remain at risk while they are linked against an unpatched library, whether libexpat is bundled with them or supplied by the system.

Risk and Exploitability

The CVSS 3.1 base score of 2.9 (AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L) reflects a local attack vector, high attack complexity and an impact limited to low availability loss, and the EPSS score of less than 1% indicates a very low probability of exploitation at present. The vulnerability is not listed in the CISA KEV catalog, and no public exploits have been reported. To trigger the crash an attacker must get the vulnerable parser to process XML in which an external entity's content declares an encoding the library does not handle natively, so the attacker needs to influence the input the parser reads, including the external entity content it pulls in.

Generated by OpenCVE AI on April 18, 2026 at 03:13 UTC.

Remediation

No vendor-supplied fix or workaround is recorded on this page; the CVE description itself names libexpat 2.7.4 as the first release without the defect.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.7.4 or later, in which XML_ExternalEntityParserCreate copies the unknown encoding handler's user data into the child parser.
  • If an upgrade is not immediately feasible, make the handler registered with XML_SetUnknownEncodingHandler tolerate a null user-data pointer (return XML_STATUS_ERROR instead of dereferencing it), or stop parsing external entities: expat only parses them when the application's external entity reference handler creates a child parser, so an application that does not need them can decline to do so, and parameter entity parsing can be switched off with XML_SetParamEntityParsing(parser, XML_PARAM_ENTITY_PARSING_NEVER).
  • Review the application's XML processing pipeline for other handlers that assume non-null user data, and apply input validation or configuration hardening as needed.

Generated by OpenCVE AI on April 18, 2026 at 03:13 UTC.
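The failure described above, as an added model that is not libexpat's code and does not link against it: a parent parser structure carrying an unknown-encoding handler and its user-data pointer, a child-parser constructor in the pre-2.7.4 shape beside one in the fixed shape, and an application handler hardened to return an error status when it is handed a null user-data pointer. The struct and function names, the encoding name x-demo-8bit and the identity byte table are constructed for this example; the real registration and creation calls are XML_SetUnknownEncodingHandler and XML_ExternalEntityParserCreate, and the 1/0 status values mirror expat's XML_STATUS_OK and XML_STATUS_ERROR.

```c
/* Added model of CVE-2026-24515, not libexpat's code.  A parent "parser"
 * holds an unknown-encoding handler and the user-data pointer registered
 * with it (real expat: XML_SetUnknownEncodingHandler).  Creating a child
 * parser for an external entity (real expat: XML_ExternalEntityParserCreate)
 * must copy both fields.  The pre-2.7.4 behaviour the CVE describes copied
 * the handler but not the data, so the handler ran with NULL user data. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical application state the handler relies on: one constructed
 * byte-to-code-point table for a made-up encoding name. */
struct enc_table {
    const char *name;
    int map[256];
};

/* Handler shape modelled on expat's XML_UnknownEncodingHandler: return 1
 * (XML_STATUS_OK) when the encoding was resolved, 0 (XML_STATUS_ERROR)
 * otherwise.  map_out receives 256 code points. */
typedef int (*unknown_enc_handler)(void *user_data, const char *name, int *map_out);

struct parser {
    unknown_enc_handler handler;
    void *handler_data;
};

/* Pre-2.7.4 shape: the handler is carried over, the user data is not. */
static struct parser child_parser_vulnerable(const struct parser *parent) {
    struct parser child = {0};
    child.handler = parent->handler;
    /* BUG: child.handler_data stays NULL */
    return child;
}

/* 2.7.4 shape: both fields are carried over. */
static struct parser child_parser_fixed(const struct parser *parent) {
    struct parser child = {0};
    child.handler = parent->handler;
    child.handler_data = parent->handler_data;
    return child;
}

/* Naive application handler: dereferences user_data unconditionally.
 * Called through child_parser_vulnerable() it would dereference NULL
 * (the CWE-476 crash), so nothing below invokes it that way. */
static int naive_handler(void *user_data, const char *name, int *map_out) {
    const struct enc_table *t = user_data;
    if (strcmp(t->name, name) != 0)
        return 0;
    memcpy(map_out, t->map, sizeof t->map);
    return 1;
}

/* Hardened application handler: treats NULL user_data as "cannot resolve"
 * and returns the error status, so the parse fails instead of the process. */
static int hardened_handler(void *user_data, const char *name, int *map_out) {
    const struct enc_table *t = user_data;
    if (t == NULL || strcmp(t->name, name) != 0)
        return 0;
    memcpy(map_out, t->map, sizeof t->map);
    return 1;
}

/* Simulates the child parser meeting an encoding declaration it does not
 * know natively: it asks the registered handler, passing whatever user
 * data the child parser holds. */
static int resolve_encoding(const struct parser *p, const char *name, int *map_out) {
    return p->handler(p->handler_data, name, map_out);
}

/* Constructed identity table (byte value == code point) for "x-demo-8bit". */
static void fill_demo_table(struct enc_table *t) {
    t->name = "x-demo-8bit";
    for (int i = 0; i < 256; i++)
        t->map[i] = i;
}

/* Registers handler h with the demo table on a parent, derives a child with
 * make_child, and returns the handler's status for the demo encoding. */
static int run_scenario(struct parser (*make_child)(const struct parser *),
                        unknown_enc_handler h, int *map_out) {
    struct enc_table table;
    fill_demo_table(&table);
    struct parser parent = { h, &table };
    struct parser child = make_child(&parent);
    return resolve_encoding(&child, "x-demo-8bit", map_out);
}

/* Wrappers that keep the map internally so a caller can check outcomes
 * without managing a buffer; scenario_map_entry returns -1 on failure. */
static int scenario_status(struct parser (*make_child)(const struct parser *),
                           unknown_enc_handler h) {
    int map[256];
    return run_scenario(make_child, h, map);
}

static int scenario_map_entry(struct parser (*make_child)(const struct parser *),
                              unknown_enc_handler h, int byte) {
    int map[256];
    if (run_scenario(make_child, h, map) != 1)
        return -1;
    return map[byte & 0xff];
}

int main(void) {
    printf("fixed child, hardened handler:      %d\n", scenario_status(child_parser_fixed, hardened_handler));
    printf("vulnerable child, hardened handler: %d\n", scenario_status(child_parser_vulnerable, hardened_handler));
    printf("fixed child, naive handler:         %d\n", scenario_status(child_parser_fixed, naive_handler));
    return 0;
}
```

The hardened handler is the interim mitigation for an application that cannot upgrade yet: on an unpatched library it turns the crash into a failed parse of the external entity. It does not recover the user data, so encodings the table would have resolved are rejected until the library is upgraded, which remains the fix.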

Advisories

No advisories yet.

History

Wed, 28 Jan 2026 00:15:00 +0000

Type                     Values removed   Values added
Title                    -                libexpat: libexpat null pointer dereference
References               -                -
Metrics threat_severity  None             Low


Fri, 23 Jan 2026 16:15:00 +0000

Type          Values removed   Values added
Metrics ssvc  -                {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 23 Jan 2026 08:00:00 +0000

Type                 Values removed   Values added
Description          -                In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
First Time appeared  -                Libexpat Project; Libexpat Project libexpat
Weaknesses           -                CWE-476
CPEs                 -                cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products   -                Libexpat Project; Libexpat Project libexpat
References           -                -
Metrics cvssV3_1     -                {'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-01-23T15:31:51.679Z

Reserved: 2026-01-23T07:46:36.099Z

Link: CVE-2026-24515

Vulnrichment

Updated: 2026-01-23T15:31:46.915Z

NVD

Status : Analyzed

Published: 2026-01-23T08:16:01.490

Modified: 2026-02-05T17:27:53.290

Link: CVE-2026-24515

Redhat

Severity : Low

Public Date: 2026-01-23T07:46:36Z

Links: CVE-2026-24515 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-18T03:15:35Z

Weaknesses