Description
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
Published: 2026-06-21
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

libexpat before version 2.8.2 contains an integer overflow in the doProlog routine, which interacts with entity storage and text length calculations. The flaw can corrupt buffer bounds when parsing malicious XML, potentially corrupting adjacent memory or causing an application crash. The input triggering the overflow is external and can be supplied by an attacker. Affected systems are implementations of the libexpat XML parser by the libexpat project, specifically those using any release prior to 2.8.2. This includes commonly used open‑source applications and libraries that embed libexpat for XML processing. The CVSS score of 6.9 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog; no EPSS information is available. The attack requires only that the application parse crafted XML input, which is readily achievable over network or local file paths without authentication. Consequently the risk of exploitation is moderate to high for exposed services that use libexpat without input validation. A patch to version 2.8.2 has been released, mitigating the overflow.

Affected Systems

libexpat XML parser provided by libexpat project in any release before 2.8.2. This includes many open‑source applications and libraries that embed libexpat for XML processing.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. EPSS score is not available, and it is not listed in KEV. Attack requires parsing crafted XML input; no authentication is needed. The risk of exploitation is moderate to high for exposed services that lack input validation.

Generated by OpenCVE AI on June 21, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the libexpat library to version 2.8.2 or later, following the release notes and installing the official update files or rebuild the application with the updated library
  • If an immediate upgrade is not possible, isolate the XML parsing component or enforce strict input validation to reject oversized or malformed XML entities before they reach the parser
  • Turn on memory protection features such as ASLR and stack canaries if the application environment supports them, as a defensive measure against potential exploitation of the overflow

Generated by OpenCVE AI on June 21, 2026 at 17:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in libexpat XML Parser

Sun, 21 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-190
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.9, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L'}


Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T15:55:09.731Z

Reserved: 2026-06-21T15:49:35.402Z

Link: CVE-2026-56407

cve-icon Vulnrichment

Updated: 2026-06-22T15:55:04.238Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T18:45:05Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound