VYPR

rpm package

opensuse/mozjs140&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/mozjs140&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2025-70103HigMay 27, 2026
    affected < 140.10.1-2.1fixed 140.10.1-2.1

    Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc.

  • CVE-2026-32778Mar 16, 2026
    affected < 140.10.0-1.1fixed 140.10.0-1.1

    libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.

  • CVE-2026-32777Mar 16, 2026
    affected < 140.10.0-1.1fixed 140.10.0-1.1

    libexpat before 2.7.5 allows an infinite loop while parsing DTD content.

  • CVE-2026-32776Mar 16, 2026
    affected < 140.10.0-1.1fixed 140.10.0-1.1

    libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.