rpm package
opensuse/mozjs140&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mozjs140&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-70103 | High | 7.3 | | < 140.10.1-2.1 | 140.10.1-2.1 | May 27, 2026 | Heap buffer overflow vulnerability in libjxl 0.12.0 via crafted PBM images to the jxl::extras::DecodeImagePNM function in file lib/extras/dec/pnm.cc. |
| CVE-2026-32778 | — | | | < 140.10.0-1.1 | 140.10.0-1.1 | Mar 16, 2026 | libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier out-of-memory condition. |
| CVE-2026-32777 | — | | | < 140.10.0-1.1 | 140.10.0-1.1 | Mar 16, 2026 | libexpat before 2.7.5 allows an infinite loop while parsing DTD content. |
| CVE-2026-32776 | — | | | < 140.10.0-1.1 | 140.10.0-1.1 | Mar 16, 2026 | libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. |