VDB

DEBIAN-CVE-2026-25210

DEBIAN-CVE-2026-25210 PUBLISHED CVSS 7.800000190734863 HIGH

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:12expat2.7.1-1, 2.7.1-2, 2.7.2-1
Debian:14expat2.7.1-2, 0, 2.7.2-1
Debian:13expat0, 2.7.1-2, 2.7.2-1
Debian:11expat2.6.1-2, 2.6.2-1, 2.6.2-2

Exploit Intelligence

Timeline

  • Jan 30, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›