OESA-2026-2974

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2974
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2974.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2974
Upstream
Published
2026-07-09T12:55:49Z
Modified
2026-07-14T08:15:13.735469769Z
Summary
expat security update
Details

expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.

Security Fix(es):

libexpat before 2.8.2 has an integer overflow in storeAtts.(CVE-2026-56403)

libexpat before 2.8.2 has an integer overflow in addBinding.(CVE-2026-56404)

libexpat before 2.8.2 has an integer overflow in getAttributeId.(CVE-2026-56405)

libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse.(CVE-2026-56406)

libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.(CVE-2026-56407)

libexpat before 2.8.2 has an integer overflow in copyString.(CVE-2026-56408)

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.(CVE-2026-56409)

xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.(CVE-2026-56410)

xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.(CVE-2026-56411)

libexpat before 2.8.2 does not consider XMLTOKDATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.(CVE-2026-56412)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:22.03-LTS-SP4 / expat

Package

Name
expat
Purl
pkg:rpm/openEuler/expat&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-27.oe2203sp4

Ecosystem specific

{
    "aarch64": [
        "expat-2.4.1-27.oe2203sp4.aarch64.rpm",
        "expat-debuginfo-2.4.1-27.oe2203sp4.aarch64.rpm",
        "expat-debugsource-2.4.1-27.oe2203sp4.aarch64.rpm",
        "expat-devel-2.4.1-27.oe2203sp4.aarch64.rpm"
    ],
    "src": [
        "expat-2.4.1-27.oe2203sp4.src.rpm"
    ],
    "noarch": [
        "expat-help-2.4.1-27.oe2203sp4.noarch.rpm"
    ],
    "x86_64": [
        "expat-2.4.1-27.oe2203sp4.x86_64.rpm",
        "expat-debuginfo-2.4.1-27.oe2203sp4.x86_64.rpm",
        "expat-debugsource-2.4.1-27.oe2203sp4.x86_64.rpm",
        "expat-devel-2.4.1-27.oe2203sp4.x86_64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2974.json"