libexpat Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in libexpat, affecting all versions through 2.7.3. The issue arises when a crafted file of approximately 2 MiB in size is processed, leading to a significant increase in processing time. Depending on the hardware used, this can cause delays of 25 to 100 seconds.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing prolonged processing times that can disrupt normal application performance.

Added: Nov 28, 2025, 7:19 AM
Updated: Nov 28, 2025, 7:19 AM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 4.7
remediation: 0.0
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.