CVE-2026-24515

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

low 2.9 CVSS 3.1
Published: Jan 23, 2026
Modified: Jun 2, 2026
Vendor: Libexpat Project
Product: Libexpat

Description

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

References

Related CVEs

CVE-2026-25210 medium · 6.9
In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVE-2025-66382 low · 2.9
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.