expat is a stream-oriented XML parser library written in C. expat excels with files too large to fit RAM, and where performance and flexibility are crucial.
Security Fix(es):
libexpat before 2.8.2 has an integer overflow in storeAtts.(CVE-2026-56403)
libexpat before 2.8.2 has an integer overflow in addBinding.(CVE-2026-56404)
libexpat before 2.8.2 has an integer overflow in getAttributeId.(CVE-2026-56405)
libexpat before 2.8.2 has an integer overflow in XMLParseBuffer because it lacked a check that was present in XMLParse.(CVE-2026-56406)
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.(CVE-2026-56407)
libexpat before 2.8.2 has an integer overflow in copyString.(CVE-2026-56408)
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.(CVE-2026-56409)
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.(CVE-2026-56410)
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.(CVE-2026-56411)
libexpat before 2.8.2 does not consider XMLTOKDATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219.(CVE-2026-56412)
{
"severity": "Medium"
}{
"aarch64": [
"expat-2.4.1-27.oe2203sp4.aarch64.rpm",
"expat-debuginfo-2.4.1-27.oe2203sp4.aarch64.rpm",
"expat-debugsource-2.4.1-27.oe2203sp4.aarch64.rpm",
"expat-devel-2.4.1-27.oe2203sp4.aarch64.rpm"
],
"src": [
"expat-2.4.1-27.oe2203sp4.src.rpm"
],
"noarch": [
"expat-help-2.4.1-27.oe2203sp4.noarch.rpm"
],
"x86_64": [
"expat-2.4.1-27.oe2203sp4.x86_64.rpm",
"expat-debuginfo-2.4.1-27.oe2203sp4.x86_64.rpm",
"expat-debugsource-2.4.1-27.oe2203sp4.x86_64.rpm",
"expat-devel-2.4.1-27.oe2203sp4.x86_64.rpm"
]
}