CVE-2026-25210

Summary

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Affected Software

VendorProductVersion RangeStatus
libexpat projectlibexpat0 < 2.7.4affected

Weaknesses

  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

Additional References

References