CVE-2026-25210

Sažetak

In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

Reference

https://github.com/libexpat/libexpat/pull/1075
https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7
https://cert-portal.siemens.com/productcert/html/ssa-253495.html

CVSS

Base:	6.9
Impact:	5.5
Exploitability:	1.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	LOW

CVSS vektor

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Zadnje važnije ažuriranje

02-06-2026 - 14:16

Objavljeno

30-01-2026 - 07:16