CVE-2026-56132
Published
CVSS v3
6.9
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
In libexpat before 2.8.2, there is a heap-based buffer overflow in doProlog in xmlparse.c because scaffold backing array reallocation is mishandled when there is data-structure sharing across parsers.
:herb: Fast streaming XML parser written in C99 with >90% test coverage; moved from SourceForge to GitHub
GitHub