VulnerableCode Package Details - pkg:deb/debian/expat@2.8.1-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1rcd-tvec-q7e5	libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML	CVE-2026-41080
VCID-2ptf-rmup-ebeu	libexpat: denial of service via crafted XML input	CVE-2026-45186
VCID-b9bc-gdyw-ufb9	libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition	CVE-2026-32778
VCID-d2db-wju5-4khw	libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing	CVE-2026-32777
VCID-t3np-c4np-kff8	In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.	CVE-2026-25210
VCID-tyba-j6k8-z3hh		CVE-2025-59375
VCID-xayk-1q4b-f3ez	In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.	CVE-2026-24515
VCID-zxh1-jrat-y7bu	libexpat: libexpat: Denial of Service due to NULL pointer dereference	CVE-2026-32776

Vulnerability

Summary

Aliases

VCID-1rcd-tvec-q7e5

libexpat: expat: libexpat: Denial of Service via hash flooding with crafted XML

CVE-2026-41080

VCID-2ptf-rmup-ebeu

libexpat: denial of service via crafted XML input

CVE-2026-45186

VCID-b9bc-gdyw-ufb9

libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition

CVE-2026-32778

VCID-d2db-wju5-4khw

libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing

CVE-2026-32777

VCID-t3np-c4np-kff8

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

CVE-2026-25210

VCID-tyba-j6k8-z3hh

CVE-2025-59375

VCID-xayk-1q4b-f3ez

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

CVE-2026-24515

VCID-zxh1-jrat-y7bu

libexpat: libexpat: Denial of Service due to NULL pointer dereference

CVE-2026-32776

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T20:16:35.734425+00:00	Debian Importer	Fixing	VCID-1rcd-tvec-q7e5	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:55:16.837910+00:00	Debian Importer	Fixing	VCID-t3np-c4np-kff8	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:36:33.045581+00:00	Debian Importer	Fixing	VCID-d2db-wju5-4khw	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:22:31.128266+00:00	Debian Importer	Fixing	VCID-xayk-1q4b-f3ez	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-05T19:04:29.226979+00:00	Debian Importer	Fixing	VCID-2ptf-rmup-ebeu	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:55:51.162671+00:00	Debian Importer	Fixing	VCID-tyba-j6k8-z3hh	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:55:43.541439+00:00	Debian Importer	Fixing	VCID-zxh1-jrat-y7bu	https://security-tracker.debian.org/tracker/data/json	38.6.0
2026-06-04T19:45:41.528525+00:00	Debian Importer	Fixing	VCID-b9bc-gdyw-ufb9	https://security-tracker.debian.org/tracker/data/json	38.6.0