CVE-2026-25210 | THREATINT

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

PUBLISHED Reserved 2026-01-30 | Published 2026-01-30 | Updated 2026-01-30 | Assigner mitre

MEDIUM: 6.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

Default status

unaffected

Any version before 2.7.4

affected

References

github.com/libexpat/libexpat/pull/1075

github.com/...mmits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7

cve.org (CVE-2026-25210)

nvd.nist.gov (CVE-2026-25210)

Download JSON