Impact
The vulnerability is an xmlwf, a component of the libexpat library. This flaw can corrupt memory during XML parsing, potentially leading to a crash and, in a worst‑case scenario, enabling an attacker to influence program flow. The weakness is identified as CWE‑190, and the primary impact is a denial of service from process termination.
Affected Systems
Affected deployments involve any system using the libexpat library prior to version 2.8.2, including applications that rely on libexpat for XML processing. The libexpat project maintains the vulnerable component, and the flaw originates in xmlwf’s resolveSystemId routine.
Risk and Exploitability
The CVSS score of 6.9 indicates a medium‑severity vulnerability. EPSS data is not available, so the exact exploitation probability remains unknown, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread public exploitation at this time. Based on the description, it is inferred that the attacker must supply crafted XML input processed by the vulnerable routine; thus the likely attack vector is via malicious XML delivered to an application that uses libexpat for XML parsing. Exploitation requires no privileged state and would likely result in a denial of service by crashing the process or corrupting memory.
OpenCVE Enrichment