PT-2026-25632 · Libexpat+2 · Libexpat+2

Sebastian Pipping

Published

2026-01-01

Updated

2026-06-05

CVE-2026-32778

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.7.5

Description The software contains a flaw where a NULL pointer dereference can occur within the setContext function when retrying an operation after a previous out-of-memory condition.

Recommendations Update libexpat to version 2.7.5 or later.

Fix

RCE

DoS

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

BDU:2026-07335

CVE-2026-32778

ECHO-3AF7-0BD3-2A49

MGASA-2026-0061

OPENSUSE-SU-2026:10466-1

OPENSUSE-SU-2026:10620-1

OPENSUSE-SU-2026:10642-1

OPENSUSE-SU-2026:20448-1

OPENSUSE-SU-2026:20674-1

OPENSUSE-SU-2026:20769-1

SUSE-SU-2026:1137-1

SUSE-SU-2026:1159-1

SUSE-SU-2026:1166-1

SUSE-SU-2026:1352-1

SUSE-SU-2026:1742-1

SUSE-SU-2026:1817-1

SUSE-SU-2026:1870-1

SUSE-SU-2026:1956-1

SUSE-SU-2026:20963-1

SUSE-SU-2026:20985-1

SUSE-SU-2026:21031-1

SUSE-SU-2026:21062-1

SUSE-SU-2026:21545-1

Affected Products

Ibm Aix

Red Os

Libexpat

PT-2026-25632 · Libexpat+2 · Libexpat+2

CVE-2026-32778

Weakness Enumeration

Related Identifiers

Affected Products

References · 61