IM
IronMonkey Threat Research

CVE-2026-24515 LOW

Published: 2026-01-23 | Last Modified: 2026-06-02 | Status: Modified

Description

In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

Additional Descriptions (1)

En libexpat anterior a 2.7.4, XML_ExternalEntityParserCreate no copia los datos de usuario del manejador de codificación desconocido.

CVSS Metrics

Base Score: 2.5 (LOW)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorLOCAL
Attack ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 1.0

Impact Score: 1.4

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-476

Affected Products

Vendor Product Version Update Type
libexpat_project libexpat * <built-in method update of dict object at 0x7f76394cf500> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*

References

Notification
Message here