VYPR

rpm package

opensuse/expat&distro=openSUSE Leap 16.0

pkg:rpm/opensuse/expat&distro=openSUSE%20Leap%2016.0

Vulnerabilities (6)

  • CVE-2026-32778 | Mar 16, 2026
    affected < 2.7.1-160000.5.1 | fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition.

  • CVE-2026-32777 | Mar 16, 2026
    affected < 2.7.1-160000.5.1 | fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

  • CVE-2026-32776 | Mar 16, 2026
    affected < 2.7.1-160000.5.1 | fixed 2.7.1-160000.5.1

    libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.

  • CVE-2026-25210 | Med | Jan 30, 2026
    affected < 2.7.1-160000.4.1 | fixed 2.7.1-160000.4.1

    In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.

  • CVE-2026-24515 | Low | Jan 23, 2026
    affected < 2.7.1-160000.4.1 | fixed 2.7.1-160000.4.1

    In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.

  • CVE-2025-59375 | Hig | Sep 15, 2025
    affected < 2.7.1-160000.3.1 | fixed 2.7.1-160000.3.1

    libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.