Description
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
Published: 2026-06-21
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The libexpat xmlwf utility contains an integer overflow when the -d outputDir option is used to specify an output directory. This flaw can cause the internal calculation of an output filename to exceed the bounds of an integer, leading to a crash of the utility. As a result, an attacker who can invoke xmlwf with elevated privileges or manipulate the specified directory may achieve a denial of service that disrupts the functionality of applications that rely on libexpat for XML processing.

Affected Systems

Based on the description, the vulnerability applies to the libexpat project’s libexpat library in all releases prior to 2.8.2. It is inferred that users of any operating system or distribution that package libexpat before that version are susceptible. The flaw has been identified in the xmlwf command‑line front‑end that ships with the library.

Risk and Exploitability

The flaw has a CVSS score of 6.5, indicating moderate severity. No EPSS data are publicly available, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local or within processes that can invoke xmlwf with the -d flag; remote exploitation would require the attacker to run the vulnerable utility with sufficient privilege. Because it results in a program crash, it primarily presents a denial‑of‑service risk rather than a compromise of confidentiality or integrity.

Generated by OpenCVE AI on June 21, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexpat to version 2.8.2 or later, which includes the integer‑overflow fix.
  • If an update is not immediately possible, avoid using the -d outputDir option with xmlwf or restrict its execution to trusted users.
  • Monitor log files for SIGSEGV or crash events related to xmlwf and ensure that any running instance is restarted.

Generated by OpenCVE AI on June 21, 2026 at 17:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 22 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Title Integer Overflow in libexpat xmlwf Output File Handling

Sun, 21 Jun 2026 16:00:00 +0000

Type Values Removed Values Added
Description xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
First Time appeared Libexpat Project
Libexpat Project libexpat
Weaknesses CWE-190
CPEs cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*
Vendors & Products Libexpat Project
Libexpat Project libexpat
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L'}


Subscriptions

Libexpat Project Libexpat
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-22T15:56:24.103Z

Reserved: 2026-06-21T15:52:59.313Z

Link: CVE-2026-56409

cve-icon Vulnrichment

Updated: 2026-06-22T15:56:18.300Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-21T18:45:05Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound