Impact
The libexpat xmlwf utility contains an integer overflow when the -d outputDir option is used to specify an output directory. This flaw can cause the internal calculation of an output filename to exceed the bounds of an integer, leading to a crash of the utility. As a result, an attacker who can invoke xmlwf with elevated privileges or manipulate the specified directory may achieve a denial of service that disrupts the functionality of applications that rely on libexpat for XML processing.
Affected Systems
Based on the description, the vulnerability applies to the libexpat project’s libexpat library in all releases prior to 2.8.2. It is inferred that users of any operating system or distribution that package libexpat before that version are susceptible. The flaw has been identified in the xmlwf command‑line front‑end that ships with the library.
Risk and Exploitability
The flaw has a CVSS score of 6.5, indicating moderate severity. No EPSS data are publicly available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local or within processes that can invoke xmlwf with the -d flag; remote exploitation would require the attacker to run the vulnerable utility with sufficient privilege. Because it results in a program crash, it primarily presents a denial‑of‑service risk rather than a compromise of confidentiality or integrity.
OpenCVE Enrichment