CVE-2026-25210
HIGH7.8EPSS 0.01%Published: 1/30/2026Modified: 4/28/2026
Description
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
Affected packages (2)
- Alpine/expatfrom 0, < 2.7.4-r0
- Debian/expatfrom 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |