Impact
An integer overflow occurs in libexpat’s addBinding function when parsing numeric values that exceed the size of the integer variable. The overflow can corrupt memory or cause a crash, potentially allowing an attacker to influence the program’s execution flow. This weakness is classified as CWE‑190 and may jeopardize confidentiality, integrity, and availability of any application that employs libexpat for XML processing.
Affected Systems
All installations of the libexpat library with a version earlier than 2.8.2 are affected. This includes any application, service, or embedded system that links with libexpat for XML parsing, regardless of platform or deployment environment.
Risk and Exploitability
The CVSS score of 6.9 indicates moderate to high severity, and the vulnerability is not listed in the CISA KEV catalog, suggesting limited known exploitation. Based on the description, it is inferred that the likely attack vector involves remote delivery of a crafted XML document to trigger the overflow; no special privileges are required on the target. When exploited, the integer overflow can lead to memory corruption or application crashes.
OpenCVE Enrichment