CNNVD-202601-5080 Information

CNNVD ID

CNNVD-202601-5080

Related CVE

CVE-2026-25210

• CNNVD Published: 2026-01-30

Description (Chinese)

libexpat是libexpat团队的一款使用C语言编写的流式XML解析器。 libexpat 2.7.4之前版本存在输入验证错误漏洞，该漏洞源于doContent函数缺少整数溢出检查，可能导致缓冲区大小计算错误。

Description (English)

Libexpat is a current XML solver for the libexpat team in C language. The previous version of libexpat 2.7.4 had an input validation error loophole, which stemmed from the lack of an integer spill check for the doContent function, which could lead to a buffer zone size calculation error.

Hazard Level

High

Vulnerability Type

输入验证错误

Affected Vendor

libexpat

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/libexpat/libexpat/pull/1075 https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7

Patch

https://libexpat.github.io/