Description
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
Published: 2026-06-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

libexpat is a widely used XML parser library. The vulnerability resides in an integer overflow in the XML_ParseBuffer function, which uses an unchecked length calculation that can grow beyond the bounds of allocated memory. This overflow can corrupt memory, allowing an attacker who supplies crafted XML data to subvert control flow or corrupt state, leading to potential code execution or denial of service. The weakness is categorized as CWE-190, a classic integer overflow flaw.

Affected Systems

All installations of libexpat prior to version 2.8.2 are affected, regardless of operating system or platform. Because the library is embedded in many applications—from web servers to desktop software—any deployment that accepts XML from untrusted sources and uses the vulnerable parser is at risk. The vendor lists the product as "libexpat project:libexpat" with no specific version range given, but the UPDATE notes clarify that versions before 2.8.2 contain the flaw.

Risk and Exploitability

The CVSS score of 6.9 places this vulnerability in the moderate severity range. Exploit confidence is unknown as the EPSS score is not yet available, and the vulnerability is not yet listed in CISA’s KEV catalog. However, the nature of the integer overflow and lack of bounds checking suggest that an attacker who can feed XML data to the parsing routine could gain memory corruption. The attack vector is most likely Remote or Local, depending on whether the target application exposes the parser to external input.

Generated by OpenCVE AI on June 21, 2026 at 18:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.8.2 or later, which includes the missing length check in XML_ParseBuffer
  • If the application does not automatically link to the newer library, rebuild the application to use the updated libexpat
  • For applications that cannot be immediately updated, limit XML input size, sanitize input, or disable XML processing for untrusted data until the patch is deployed

Generated by OpenCVE AI on June 21, 2026 at 18:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in XML_ParseBuffer Causing Memory Corruption libexpat: libexpat: Arbitrary code execution via integer overflow in XML_ParseBuffer
References
Metrics threat_severity

None

threat_severity

Moderate


Mon, 22 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Integer Overflow in XML_ParseBuffer Causing Memory Corruption

Sun, 21 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-190
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}


Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T17:02:44.194Z

Reserved: 2026-06-21T15:48:21.578Z

Link: CVE-2026-56406

cve-icon Vulnrichment

Updated: 2026-06-22T17:02:40.816Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-21T15:48:21Z

Links: CVE-2026-56406 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T19:45:16Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound