Description
libexpat before 2.8.2 has an integer overflow in addBinding.
Published: 2026-06-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow occurs in libexpat’s addBinding function when parsing numeric values that exceed the size of the integer variable. The overflow can corrupt memory or cause a crash, potentially allowing an attacker to influence the program’s execution flow. This weakness is classified as CWE‑190 and may jeopardize confidentiality, integrity, and availability of any application that employs libexpat for XML processing.

Affected Systems

All installations of the libexpat library with a version earlier than 2.8.2 are affected. This includes any application, service, or embedded system that links with libexpat for XML parsing, regardless of platform or deployment environment.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate to high severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. Based on the description, it is inferred that the likely attack vector involves remote delivery of a crafted XML document to trigger the overflow; no special privileges are required on the target. When exploited, the integer overflow can lead to memory corruption or application crashes.

Generated by OpenCVE AI on June 21, 2026 at 18:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.8.2 or later to apply the addBinding fix.
  • If upgrading is not immediately possible, restrict or sandbox use of addBinding, or replace it with a validated alternative that performs bounds checking.
  • Limit XML input to trusted sources and enforce strict size limits on numeric values to reduce overflow risk before it reaches libexpat.

Generated by OpenCVE AI on June 21, 2026 at 18:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description libexpat before 2.8.2 has an integer overflow in addBinding.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-190
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}


Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T17:05:08.584Z

Reserved: 2026-06-21T15:45:55.277Z

Link: CVE-2026-56404

cve-icon Vulnrichment

Updated: 2026-06-22T17:05:03.342Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T19:00:14Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound