Description
libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
Published: 2026-03-16
Score: 2.9 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The vulnerability exists in libexpat versions prior to 2.7.5. A NULL pointer dereference is triggered in the setContext function when retrying after an earlier out‑of‑memory condition. This leads to a crash of the process that uses the library, resulting in a denial of service. The weakness is a Null Pointer Dereference, CWE‑476.

Affected Systems

The libexpat library from the libexpat project, in any application that links to it, is affected. All versions before 2.7.5 are vulnerable. This includes typical Linux distributions, embedded systems, and any third‑party software that bundles an older libexpat.

Risk and Exploitability

The CVSS score of 2.9 indicates low severity, and the EPSS score is below 1 %, meaning the likelihood of exploitation is very low. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be local: an attacker or privileged user can supply a large XML document to trigger an out‑of‑memory condition and then cause the library to crash, leading to service interruption. Because it is a denial of service, it does not compromise confidentiality or integrity.

Generated by OpenCVE AI on March 17, 2026 at 17:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest libexpat release (2.7.5 or newer) via your package manager or rebuild from source.
  • Verify that the update is active in all affected applications.
  • Monitor logs for signs of out‑of‑memory incidents or unexpected process crashes and limit XML input size if a patch cannot be applied immediately.

Generated by OpenCVE AI on March 17, 2026 at 17:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

Tue, 17 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Libexpat Project
Libexpat Project libexpat
Vendors & Products Libexpat Project
Libexpat Project libexpat

Tue, 17 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 16 Mar 2026 07:30:00 +0000

Type Values Removed Values Added
Description libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 2.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-17T14:39:21.950Z

Reserved: 2026-03-16T07:02:33.921Z

Link: CVE-2026-32778

cve-icon Vulnrichment

Updated: 2026-03-17T14:39:17.823Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:44.970

Modified: 2026-03-17T15:52:53.160

Link: CVE-2026-32778

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-16T07:02:34Z

Links: CVE-2026-32778 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-03-24T10:45:37Z

Weaknesses