rpm package
suse/expat&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/expat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59375 | Hig | 7.5 | < 2.7.1-150400.3.31.1 | 2.7.1-150400.3.31.1 | Sep 15, 2025 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | |
| CVE-2024-8176 | Hig | 7.5 | < 2.7.1-150400.3.28.1 | 2.7.1-150400.3.28.1 | Mar 14, 2025 | A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c | |
| CVE-2024-50602 | — | < 2.4.4-150400.3.25.1 | 2.4.4-150400.3.25.1 | Oct 27, 2024 | An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser. | ||
| CVE-2024-45492 | Cri | 9.8 | < 2.4.4-150400.3.22.1 | 2.4.4-150400.3.22.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45491 | Cri | 9.8 | < 2.4.4-150400.3.22.1 | 2.4.4-150400.3.22.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). | |
| CVE-2024-45490 | Hig | 7.5 | < 2.4.4-150400.3.22.1 | 2.4.4-150400.3.22.1 | Aug 30, 2024 | An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. |
- affected < 2.7.1-150400.3.31.1fixed 2.7.1-150400.3.31.1
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
- affected < 2.7.1-150400.3.28.1fixed 2.7.1-150400.3.28.1
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and c
- CVE-2024-50602Oct 27, 2024affected < 2.4.4-150400.3.25.1fixed 2.4.4-150400.3.25.1
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
- affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
- affected < 2.4.4-150400.3.22.1fixed 2.4.4-150400.3.22.1
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.