CVE-2026-25210

Published January 30th, 2026

View on NVD ↗

CVSS v3

6.9

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

libexpat/libexpat

:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub

GitHub

1.34K