Impact
libexpat before version 2.8.2 contains an integer overflow in the doProlog routine, which interacts with entity storage and text length calculations. The flaw can corrupt buffer bounds when parsing malicious XML, potentially corrupting adjacent memory or causing an application crash. The input triggering the overflow is external and can be supplied by an attacker. Affected systems are implementations of the libexpat XML parser by the libexpat project, specifically those using any release prior to 2.8.2. This includes commonly used open‑source applications and libraries that embed libexpat for XML processing. The CVSS score of 6.9 indicates moderate severity, and the vulnerability is not listed in the CISA KEV catalog; no EPSS information is available. The attack requires only that the application parse crafted XML input, which is readily achievable over network or local file paths without authentication. Consequently the risk of exploitation is moderate to high for exposed services that use libexpat without input validation. A patch to version 2.8.2 has been released, mitigating the overflow.
Affected Systems
libexpat XML parser provided by libexpat project in any release before 2.8.2. This includes many open‑source applications and libraries that embed libexpat for XML processing.
Risk and Exploitability
The CVSS score of 6.9 indicates moderate severity. EPSS score is not available, and it is not listed in KEV. Attack requires parsing crafted XML input; no authentication is needed. The risk of exploitation is moderate to high for exposed services that lack input validation.
OpenCVE Enrichment