Description
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
Published: 2026-06-19
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The issue is a heap‑based buffer overflow inside the doProlog function of libexpat's XML parser caused by mishandled reallocation of a backing array when data‑structure sharing occurs across parsers. The overflow can corrupt adjacent heap memory, potentially allowing an attacker to achieve arbitrary code execution or a denial‑of‑service if they can provide a malformed XML payload.

Affected Systems

The flaw exists in all libexpat releases older than 2.8.2. Any application that links against these versions may be vulnerable if it parses XML data. The precise impact on end systems depends on how the vulnerable library is used within those applications.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium severity impact. No EPSS score is available, so current exploitation prevalence is unknown. This vulnerability is not listed in the CISA KEV catalog. An attacker would need to supply crafted XML to a vulnerable application; it is inferred that exploitation requires that untrusted XML reaches the vulnerable code path. Successful exploitation could corrupt the heap, potentially leading to arbitrary code execution or a denial‑of‑service.

Generated by OpenCVE AI on June 19, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.8.2 or later, which fixes the reallocation flaw identified as CWE-821.
  • Recompile any applications that link against libexpat to ensure the patched library is used.
  • Add bounds‑checking logic to any custom code that reuses data structures across parser instances to prevent exceeding allocated memory, addressing CWE-821.

Generated by OpenCVE AI on June 19, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Title Heap-Based Buffer Overflow in libexpat XML Parser

Fri, 19 Jun 2026 04:30:00 +0000

Type Values Removed Values Added
Description In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-821
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-19T03:00:42.975Z

Reserved: 2026-06-19T03:00:42.577Z

Link: CVE-2026-56132

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T06:30:04Z

Weaknesses
  • CWE-821

    Incorrect Synchronization