By vendor
Libexpat_project vulnerabilities
Known CVEs affecting Libexpat_project products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-50219MEDIUM 4.9
libexpat, a widely-used XML parsing library, contains a use-after-free vulnerability in versions before 2.8.2. The flaw occurs when certain XML parsing functions (XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset) are called from within event handlers without proper depth tracking. This can lead to memory safety violations and potentially allow attackers to crash applications or, in some scenarios, execute arbitrary code. The vulnerability requires local access and specific conditions to trigger, making it a moderate-risk issue rather than a widespread internet-facing threat.